RE: mpls fragmentation [7:74577]

2003-09-02 Thread Peter van Oene
At 08:42 AM 9/2/2003 +1200, Thomas Salmen wrote:

hmm, cheers

any idea if there is any documentation regarding this? seems to me that with
all these sites these days mucking around with df bits and filtering icmp
that it's a wonder that any link with an odd pmtu works at all. not to
mention qos getting all upset with fragmented packets.

I don't believe there is any documentation per se.  Essentially, if you 
operate a network and impose encap overhead to frames, you need to 
compensate for this overhead by increasing your supported mtu sizes.

thomas

 
 
  At 10:37 PM 8/31/2003 +, Thomas Salmen wrote:
  does anyone know if using frame-mode mpls affects the mtu on an
  interface? i
  can't help thinking that sticking in an extra 32-bit header would mean
  reducing the amount of user data that could be carried by 32
  bits - causing
  fragmentation if the data field is already at its max for a given
  interface...
 
  MPLS headers, 802.1q tags and all similar encap overhead
  certainly add size
  to frames and are certainly things one needs to be mindful of from an mtu
  perspective.
 
  apologies if the question is an inane one, but i'm just starting
  to get into
  this ls thang
  
  thomas
  **Please support GroupStudy by purchasing from the GroupStudy Store:
  http://shop.groupstudy.com
  FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74625t=74577
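
Added example (not part of the original thread): a small model of the point made above, that label overhead shrinks the IP packet a link can carry, and of what happens to DF-marked packets when ICMP is filtered. The hop list, sizes and function names are constructed for illustration; link_mtu is assumed to be the number of bytes the link carries after the layer-2 header.

```python
MPLS_LABEL_BYTES = 4  # one 32-bit label stack entry, as discussed in the thread


def effective_ip_mtu(link_mtu, labels):
    """Largest IP packet a hop can forward once `labels` MPLS labels are pushed."""
    return link_mtu - labels * MPLS_LABEL_BYTES


def required_link_mtu(ip_mtu, labels):
    """Link MTU needed so `ip_mtu`-byte packets still fit under the label stack."""
    return ip_mtu + labels * MPLS_LABEL_BYTES


def send(packet_size, hops, df=True, icmp_filtered=False):
    """Walk a packet along `hops`, a list of (link_mtu, label_count) tuples.

    Returns (outcome, ip_size, hop_index):
      delivered  - packet (possibly after path MTU discovery) fit every hop
      fragmented - DF clear; hop_index is the first hop that had to fragment
      blackholed - DF set and the ICMP "fragmentation needed" never reached
                   the sender, so it keeps sending a size that is dropped
    """
    size = packet_size
    while True:
        blocked = None
        for i, (link_mtu, labels) in enumerate(hops):
            limit = effective_ip_mtu(link_mtu, labels)
            if size > limit:
                blocked = (i, limit)
                break
        if blocked is None:
            return ("delivered", size, None)
        hop, limit = blocked
        if not df:
            return ("fragmented", limit, hop)
        if icmp_filtered:
            return ("blackholed", size, hop)
        size = limit  # sender learns the smaller MTU from ICMP and retries


# Constructed path: edge link, two labelled core links at the default 1500, edge link.
DEFAULT_PATH = [(1500, 0), (1500, 2), (1500, 1), (1500, 0)]

# Same path after raising the core links to cover a two-label stack.
CORE_MTU = required_link_mtu(1500, 2)
RAISED_PATH = [(1500, 0), (CORE_MTU, 2), (CORE_MTU, 1), (1500, 0)]

if __name__ == "__main__":
    print(send(1500, DEFAULT_PATH))                      # PMTUD shrinks the packet
    print(send(1500, DEFAULT_PATH, icmp_filtered=True))  # full-size packets vanish
    print(send(1400, DEFAULT_PATH, icmp_filtered=True))  # small packets still pass
    print(send(1500, DEFAULT_PATH, df=False))            # core router fragments
    print(send(1500, RAISED_PATH, icmp_filtered=True))   # no dependence on ICMP
```

The filtered-ICMP case fails only for full-size packets, which is why such paths look healthy to ping and small transfers while bulk traffic stalls.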


Re: mpls fragmentation [7:74577]

2003-09-01 Thread Peter van Oene
At 10:37 PM 8/31/2003 +, Thomas Salmen wrote:
does anyone know if using frame-mode mpls affects the mtu on an interface? i
can't help thinking that sticking in an extra 32-bit header would mean
reducing the amount of user data that could be carried by 32 bits - causing
fragmentation if the data field is already at its max for a given
interface...

MPLS headers, 802.1q tags and all similar encap overhead certainly add size 
to frames and are certainly things one needs to be mindful of from an mtu 
perspective.

apologies if the question is an inane one, but i'm just starting to get into
this ls thang

thomas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74607t=74577


Re: RFC 2547 vs. RFC 2764 VPNs [7:73048]

2003-07-26 Thread Peter van Oene
I'm curious if anyone has talked to their SP and has thought about
leveraging MPLS carrier's carrier approach?  Not sure how many
SPs, if any, support this currently, but seems to have the
right scaling properties if you're an ISP.   And with the ability
for eBGP to carry labels for BGP routes (see neighbor send-label),
the CE-PE protocol remains vanilla eBGP, meaning there's no
need for MP-BGP or LDP.  Of course, now you may need to do iBGP
or confed eBGP over the MPLS cloud, but that could be interpreted
as a benefit.

L2VPN using Kompella or a bunch of PW's makes a very nice carrier of 
carriers approach without all the hokey L3 peering requirements.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73076t=73048
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: OT: Anyone using Qwest PRN ? [7:72704]

2003-07-21 Thread Peter van Oene
At 04:31 PM 7/21/2003 +, John Neiberger wrote:
Are any of you using Qwest PRN? If so, I have a few questions for you:

1. How do you like it so far?
2. Did you migrate from something else? If so, how did the migration go?
3. Any 'gotchas' that you learned later that you wish you'd learned sooner?
4. How does the service compare to what you were using before?
5. How many sites do you have? Is this solution scaling well for you?

Hey John,

What is PRN? Private routed network? Can't seem to find much about it in my 
brief googling.


Of course, it's not necessary to answer every question. I'm just doing some
research on their solution and thought I'd check around here for
references.

Thanks,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72708t=72704


Re: OT: Anyone using Qwest PRN ? [7:72704]

2003-07-21 Thread Peter van Oene
At 07:58 PM 7/21/2003 +, John Neiberger wrote:
I think this actually is an MPLS VPN, of sorts. It's been fairly hard for me
to get the nitty gritty details. As I see it, it's a layer 3 MPLS vpn with
OSPF as our 'interface' to their network but I may be wrong about that.

This sounds exactly like a 2547bis based IP VPN.

As someone else just mentioned, this service is expensive compared to frame
relay. In fact, at the moment it's about twice the monthly cost, but we're
quickly growing to a point where the frame network is not going to support
our goals. This solution looks pretty slick, I must admit.

Keep in mind that this solution involves the provider managing aspects of 
your WAN routing which involves a different level of attention from them 
than you would see with a traditional layer two network.  Usually, this 
type of service commands a premium, but the market tends to dictate pricing 
in many areas (depending upon where you are located).

Pete


John

  Chuck Whose Road is Ever Shorter  7/21/03 1:50:51
PM 
so, John, whatever happened to the MPLS network they were trying to sell
you
a while back? what advantage does PRN have vis a vis MPLS such that Qwest
is
no longer trying to convince you to buy it?

inquiring minds need to know :-


John Neiberger  wrote in message
news:[EMAIL PROTECTED]
  Peter van Oene wrote:
  
   At 04:31 PM 7/21/2003 +, John Neiberger wrote:
   Are any of you using Qwest PRN? If so, I have a few questions
   for you:
   
   1. How do you like it so far?
   2. Did you migrate from something else? If so, how did the
   migration go?
   3. Any 'gotchas' that you learned later that you wish you'd
   learned sooner?
   4. How does the service compare to what you were using before?
   5. How many sites do you have? Is this solution scaling well
   for you?
  
   Hey John,
  
   What is PRN? Private routed network? Can't seem to find much
   about it in my
   brief googling.
  
 
  Oops. Accidentally hit post before adding any content.  ;-)
 
  Yes, it stands for Private Routed Network. It's a very interesting
solution.
  Our hub sites would participate in OSPF with their network, while our
spoke
  sites would use static routing. The PRN would have static routes pointing
to
  our spoke sites and those statics would be redistributed into OSPF.
 
  The biggest downside to this is that we'd have to contact Qwest each time
we
  added a new subnet at a branch, but I suppose that just means we'd need
to
  plan ahead better.
 
  This solution buys us a few things over our current frame relay network.
  Each site has a full pipe into the PRN instead of multiple PVCs sharing a
  single link, and we don't have to deal with CIR. From the perspective of
our
  routers each site is one hop away from any other site. These combination
of
  these features will allow us to proceed with VoIP throughout our network,
  which is not feasible with the current frame relay network.
 
  John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72726t=72704


Re: an ISIS question.... [7:72081]

2003-07-11 Thread Peter van Oene
At 12:29 AM 7/11/2003 +, wj chou wrote:
In this case, your L1 areas will not usually be the same and the L1
adjacency between the two core routers will not form. If the area is the
same, the L2 adjacency is superfluous. Many large networks are single
area, or single level (ie L1 everyone in one area, or L2 everywhere where
area isn't very relevant.)

Can you explain a bit more about this? your L1 areas will not usually be the
same and the L1 adjacency between the two core routers will not form? I am
new to ISIS...

In the picture, you drew a network like the following:

L1L1L2---L1L2-L1

This looks very much like a network where two areas are interconnected via 
a backbone.  The backbone in this case is the set of L1L2 routers.   In 
this network, it would be logical to assign different area id's to each L1 
process such that they operate as distinct areas.  Since ISIS routers exist 
fully in a single area, this will leave the two L1L2 routers in different 
areas.  Those routers will form an L2 adjacency because the L2 process 
doesn't look for matching area IDs, but the L1 adjacency process will fail 
between them as L1 adjacencies require matching area IDs (at least one)

Does this help?

Pete


Thanks!

Ellie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72153t=72081
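
Added example (not part of the original thread): the adjacency rule explained above, applied to the topologies drawn in this thread. Router names and area IDs are constructed; "levels" is assumed to mean the levels enabled on the interface facing the neighbor.

```python
from dataclasses import dataclass
from itertools import combinations

L1, L2 = 1, 2


@dataclass(frozen=True)
class Router:
    name: str
    levels: frozenset  # levels enabled on the shared interface: {1}, {2} or {1, 2}
    areas: frozenset   # configured area addresses


def router(name, levels, *areas):
    return Router(name, frozenset(levels), frozenset(areas))


def adjacencies(a, b):
    """Levels at which two directly connected IS-IS routers become adjacent.

    L1 needs both sides running L1 and at least one area address in common.
    L2 only needs both sides running L2; area addresses are not compared.
    """
    formed = set()
    if L1 in a.levels and L1 in b.levels and a.areas & b.areas:
        formed.add(L1)
    if L2 in a.levels and L2 in b.levels:
        formed.add(L2)
    return formed


def segment_adjacencies(routers):
    """Pairwise adjacencies for routers sharing one LAN segment."""
    return {(a.name, b.name): adjacencies(a, b) for a, b in combinations(routers, 2)}


def l1_reaches_l2_via_segment(l1_router, neighbors):
    """True if an L1-only router has an L1 neighbor that also runs L2 here."""
    return any(L1 in adjacencies(l1_router, n) and L2 in n.levels for n in neighbors)


# Two areas joined by a backbone: L1 -- L1L2 --- L1L2 -- L1 (constructed area IDs).
CORE_A = router("core-a", {L1, L2}, "49.0001")
CORE_B = router("core-b", {L1, L2}, "49.0002")
CORE_B_SAME_AREA = router("core-b", {L1, L2}, "49.0001")

# The shared-segment case from the thread: L2, L1L2, L1L2 and L1 on one LAN, one area.
LAN = [
    router("r-l2", {L2}, "49.0001"),
    router("r-a", {L1, L2}, "49.0001"),
    router("r-b", {L1, L2}, "49.0001"),
    router("r-l1", {L1}, "49.0001"),
]

if __name__ == "__main__":
    print(adjacencies(CORE_A, CORE_B))            # different areas: L2 only
    print(adjacencies(CORE_A, CORE_B_SAME_AREA))  # same area: L1 and L2
    for pair, levels in segment_adjacencies(LAN).items():
        print(pair, sorted(levels))
```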


Re: an ISIS question.... [7:72081]

2003-07-10 Thread Peter van Oene
At 03:40 AM 7/10/2003 +, wj chou wrote:
Hi..

a basic ISIS question...

I know that by default, an IS is L1-L2, so it can form a L1L2 adjacency with
its neighbors. But what's the benefit of it? and under what kind of
situation in real world people want to configure it this way?

L1L2 routers are required to interconnect L1 areas via an L2 backbone.  An 
L1L2 router acts much like an OSPF ABR.

thanks!

Ellie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72110t=72081


Re: an ISIS question.... [7:72081]

2003-07-10 Thread Peter van Oene
At 08:36 AM 7/10/2003 -0700, Zsombor Papp wrote:
Hi,

the L1/L2 behavior can be configured on a per interface basis. The 
question why you would want an interface to be both L1 and L2, and 
especially why you would want a router to form both L1 and L2 adjacency 
with one of its neighbors, is a good one.

In general, I don't think you would want this. I can attest to having never 
intentionally designed a network of that nature.  Unless you wish to 
connect L1 domains to a backbone, or are in the process of a migration from 
one topology to another, minimizing adjacency state and its related 
overhead is a good thing.

One (exotic) example would be if an L1L2 router has L1, L2, and L1L2 
neighbors as well on the same interface, like this:

|--L2
|
|--L1L2
|
|--L1L2
|
|--L1

In this case the L1L2 routers' interface must be configured for both L1 
and L2 if we want the L1 router to be able to get out. Consequently, the 
two L1L2 routers will form both L1 and L2 adjacency with each other, but 
this is more a coincidence than a requirement, IMHO.

I would agree.  There is no benefit to this as I see it.

A more realistic scenario would be like this:

L1--|
 |--L1L2(A)--L2
 |
 |--L1L2(B)--L2
L1--|

In this case, your L1 areas will not usually be the same and the L1 
adjacency between the two core routers will not form.  If the area is the 
same, the L2 adjacency is superfluous.   Many large networks are single 
area, or single level (ie L1 everyone in one area, or L2 everywhere where 
area isn't very relevant.)

Pete



I am not sure however if there is any advantage of having A and B form 
both L1 and L2 adjacencies with each other. It appears to me that L1 would 
be just fine. I, too, would be happy to hear some comments on this.

Thanks,

Zsombor

At 02:40 PM 7/10/2003 +, Peter van Oene wrote:
At 03:40 AM 7/10/2003 +, wj chou wrote:
 Hi..
 
 a basic ISIS question...
 
 I know that by default, an IS is L1-L2, so it can form a L1L2 adjacency 
 with
 its neighbors. But what's the benefit of it? and under what kind of
 situation in real world people want to configure it this way?

L1L2 routers are required to interconnect L1 areas via an L2 backbone.  An
L1L2 router acts much like an OSPF ABR.

 thanks!
 
 Ellie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72118t=72081


Re: CCIE Lab !!! [7:71919]

2003-07-05 Thread Peter van Oene
At 08:51 AM 7/5/2003 +, H T wrote:
Hi,
Actually Cisco just says the following topics are removed, but there are no
details

http://www.cisco.com/warp/public/625/ccie/certifications/routing.html

ISO CLNS... does it include ISIS ???

ISIS routing IP is still a valid topic.

Token Ring and Token Ring Switching... does it include all IBM
networking???

no clue here and haven't looked into this in years.  much like yourself it 
seems :)


1. SRB
2. SR/TLB
3. RSRB
4. DLSw and DLSw+
5. Encapsulation bridging
6. CRB
7. IRB

How about ATM, what will be included?


Can anyone find out



Cheers,
Heiman.



Hemingway  wrote in message
news:[EMAIL PROTECTED]
  anyone who is serious about CCIE lab prep should become familiar with
this
  site:
 
  http://www.cisco.com/warp/public/625/ccie/
 
  start your reading here. everything you need to know can be found
somewhere
  within the links provided.
 
 
  H T  wrote in message
  news:[EMAIL PROTECTED]
   Hi all,
   Can any one help us about the lab topics?
  
  
   Cheers,
   Heiman.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71941t=71919


Re: Your advise pls! [7:60327]

2003-07-01 Thread Peter van Oene
At 03:15 AM 1/5/2003 +, RamG wrote:
Hello Group,

I finished NP/DA in Oct 2000.  Since then, I have been looking for job in
networking.  I know my drawback for being unsuccessful.  It is my past
experience {as Accountant} and real world experience with Cisco routers.  In
order to get some experience, I had setup 5 router home lab and gained
little experience by practicing / solving lab exercise from Satterlee book.
Even that did not help me to get entry level positions.  The job market in
Toronto is so bad that, I am unable to find Tech support job too.

Have you tried the VAR market for a presales tech position?  Most VARs are 
usually interested in technical folks who understand how to present 
technology from a business/financial standpoint where I would expect you'd 
be rather proficient based upon your background.  Further, for those VARs 
that wish to also pursue Silver/Gold status with Cisco, your being in a 
position to take a shot at the CCIE would be of great benefit.

Doesn't the CCIE qualification exam renew at least the NP of your 
Certs?  The DA is about useless from my perspective unless you get some 
free stuff for it :-).  If so, I'd take the qualification exam and attack 
the VAR market as a pre CCIE with good business sense.

Pete


Now it is time for me to recertify {Oct}.  What should, I do?  I have
already spent a lot of money on books/routers.  I cannot spend any more on
books/routers.   Any advise appreciated.

  / RamG









Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71677t=60327


RE: number of CCIE [7:70151]

2003-06-16 Thread Peter van Oene
 
  [JN] Yeah, but does the college happy HR dude (your idol) who
  says
  bachelors required on dinky IT jobs (e.g. desktop support
  tech) pay
  attention to that?  As far as he's concerned all BSs are BSs,
  and they are
  all superior to non-graduates.   Remember that we are talking
  about IT
  jobs, not top management or top financial analyst positions.

First of all, let me clear up that HR is not my idol.  I too do not like
many of the things that HR does.

The difference is that I accept that HR has hiring power and I see little
point in raging against the machine on this point.  Why? What's the point?
You can whine all you want and they're still going to have hiring power.
It's far more efficient to simply accept that HR has hiring power and learn
to follow their rules.

I don't mean to get into the battle of which CCIE number is better than 
which as I don't really have an opinion.  However, one thing I do pick up 
on is the reliance here upon getting through HR screens.  I don't recall 
ever getting a job through conventional means myself and I don't imagine 
that many somewhat established folks who do better than average work do 
either.  Most of the hiring I've ever participated in was referral based as 
well.

To me, this debate really only applies to those folks who do not have 
contacts in a given area and who are not prone to more aggressive 
employment acquisition strategies.  This bunch of folks tends to flood 
resumes out to Monster and hope they get a call.  However, I would see this 
category of folks as pretty junior, in which case I wouldn't expect to see 
them applying for the top tier jobs in the industry.  These folks need to 
get a job, get established, and then leverage their contact base to move on 
to bigger and better things, or leverage their track record to move up 
internally.

So, the way I see it, either you are pretty new to the industry and need 
some help getting through screener bots, or you are not and should find far 
better mileage leveraging your contact base in the industry.  If you are 
good at what you do, likely the folks you worked with noticed this as did 
the vendors who worked with you as did your customers.  Somewhere in that 
mix there has to be a hotter lead than www.findmeajobfor100k.com.   If you 
are new, having a CCIE number of any type likely helps a bunch and I can't 
see anyone caring how high or low it is unless you are trying to get some 
uber job.  If you are, you'll likely lose to someone else who came 
recommended and the how many guys passed the lab before you won't be of 
much significance.  (did I just get into the debate I said I wanted to 
avoid? :)

Anyway, I guess I'm not sure who the group of people are who are highly 
talented, yet have no contacts in the industry but still expect to pull 
down top calibre jobs.  I'm also not sure who the top calibre job employers 
are that would choose not to hire you based upon how high your CCIE number 
was vs how well you fit the job and interviewed, but I'm assuming this CCIE 
number value cut deals more with first cut resume screening.

Pete


Second of all, do you not think that if HR sees a degree from Harvard in a
resume, he's going to give more weight to that resume than to a guy from
Podunk Community College?  Of course he would.  Everybody would.  Sure, he's
not going to say that anybody who wants to get a job must have Crimson
blood, but when it comes to making the first cut, you know what he's going
to do.

 
  [NRF] First of all, what admissions fiasco?  Are you saying
  that because
  of the
  abundance of information that all of a sudden everybody's
  getting a perfect
  score on their SAT's?  I don't see that happening.  Do you?  If
  so, please
 
  [JN] The admissions process is a fiasco, but that is another
  issue.  Are you
  implying that all the certified people are getting perfect
  scores because
  of braindumps and bootcamps?

No I am not, but you do concede that those things make certs easier?  And
because of the fixed-score nature of certs, that there is no
relative-scoring mechanism that can compensate for this.  To wit - if
everybody who applied to Harvard presents a 1600 SAT, that doesn't mean that
everybody gets admitted - the admissions decision now moves to other
criteria because at the end of the day there are more applicants to Harvard
than there are slots.  But if everybody who attempts the CCIE is properly
bootcamp-ed, then everybody can, in theory, pass.

 
  [NRF] that all of a sudden because of the abundance of
  information,
  everybody is
  now a star athlete or class president, or all those other
  factors that help
 
  [JN] Ah, I see, we wish for a hierarchial classification of
  tech in the same
  manner a college partitions its student body: i.e. a class
  president or
  class athlete, as in star router dude test# 652-STAR, a
  position in cert
  society achieved by fulfilling a number of criteria.  Perhaps
  one such
  criterion is popularity among 

Re: RE: number of CCIE [7:70151]

2003-06-09 Thread Peter van Oene
At 09:34 PM 6/8/2003 +, garrett allen wrote:
the intent of this list is to discuss preparation cisco exams, not
opportunities in the various job markets.  if your comments don't
relate to the study blueprint in some meaningful way, please keep them
to yourself.

nice thread :-)  for those whining about it, you can skip the messages you 
know.

ccie is a good challenge.  go after it if you want.  maybe it will help 
you get a job, maybe it won't.  jncie is pretty neat too :)

my ie will expire in a couple months and I could really care less.

but please, feel free to continue debate subjective topics as you see fit.

for what it's worth, in my opinion, nrf has well earned the right to debate 
whatever he wants on this list.

pete

thanks.

- Original Message -
From: n rf
Date: Sunday, June 8, 2003 4:14 pm
Subject: Re: RE: number of CCIE [7:70151]

  garrett allen wrote:
  
   yawn.
 
  Bored?
 
  I don't want to be overly confrontational, but if you really
  thought this
  thread was so boring that you're yawning, then why did you bother
  to make a
  rebuttal to me in the first place?  The fact that you did
  obviously means
  that you don't think it's THAT boring.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70401t=70151


Re: Tag Switching Vs Multicast [7:69797]

2003-05-30 Thread Peter van Oene
At 05:24 PM 5/29/2003 +, Kazan, Naim wrote:
Howard,

I would appreciate your view and the group on which one you guys would
prefer, Tag switching or Multicasting. We having been running into problems
with doing multiple windows XP imaging that can only handle up to 8
computers at a time. Multicast is enabled at the layer 2 & 3 but still can't
run more than 8 multicast sessions using Norton tool to accept clients for
multicast. Once it receives the MAC address of the computer we send a
session out to image about 8 computers. The number of computer will
fluctuate doing more than 8 and sometimes only capable of doing no more than
3. If we do more than that it freezes up at 25% completion rate of the
image. We have over a thousand computers to upgrade to windows XP by mid to
late June. Our network has 6500 series switches along with 7507 core
routers. The 6500 handle both layer2/3 functions. Any help will go a long
way. Thank you in advance for everyone's input in this matter.

Sounds to me like you need a better multi-cast source vs changes in your 
network.  Where does tag switching fit into this?


-Original Message-
From: Howard C. Berkowitz
To: [EMAIL PROTECTED]
Sent: 5/28/03 3:50 PM
Subject: Re: Packet retransmit questiion [7:69715]

At 6:46 PM + 5/28/03, Robert Perez wrote:
 Hi all,
 
 I have a question on the CCIE 350-001 test.  I have heard differing
opinions
 on this but when traffic crosses a WAN connection and there are
problems who
 does the retransmit?? Host or RTR??
 
 1.) In Frame relay there is a line hit or corrupt packet on the WAN,
who
 retransmits, should be the source router correct?
 
 2.) In a point to point circuit w/HDLC there is a line hit or corrupt
packet
 who retransmits, should be the source router correct??
 
 3.) In a bridged environment with a WAN a T-1 takes a line hit or
corrupt
 packet who retransmits, should be the source host correct??

In all cases, the host, if you are running IP protocols that even
specify retransmission.  TCP does, but UDP does not. RPC over UDP
retransmits.

The only exception where the router would retransmit would be if you
are running X.25, LAP-B, SSCOP, or SDLC.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=69813t=69797


Re: Am I over my head guys? [7:69746]

2003-05-30 Thread Peter van Oene
At 07:52 AM 5/29/2003 +, B Rudy wrote:
Hey guys, I just got an offer to become a 2nd senior network engineer for
this company in Orange Country.  Great News i know!!

Dilemma:  I am a CCNP but have no local Area Network Experience.  Going to be
workin with Catalyst 6500 switches.  Also i have about 2 yrs working with
cisco equipment, however, don't feel i am ready for a senior title and
duties.  Also working with cisco routers.

What do you guys think i should do?

1.  Take the job and see how it works out?  Maybe mess up their network and
look real dumb and unknowledgeable on some troubleshooting.  risked getting
fired?
2.  Let the job go, and watch a great opp float away?
3.  Keep the existing job i have working with cisco equipment and
technology?

I get through most days very much like a duck; calm in appearance, but 
scrambling like crazy underneath to keep things afloat.  This is not a bad 
thing really, it just means that you may have to do a bit more research 
here and there.  At the end of the day, so long as you don't misrepresent 
yourself, or answer questions when you aren't sure of the correct answer, 
you'll do fine.

One of the best ways to advance and really push yourself is to drop in well 
over your head and see if you can't swim up :-)  Drowning is a great
motivator!

You obviously care about getting it done right, and will likely put the 
time in to make up for any lack of experience you think you may 
have.  You'll do fine I expect.

Pete


p.s.  This job is a senior position, so meaning senior pay. very positive
aspect, and a great company going places. over 4000 employees.

Your output is greatly appreciated. Really need some advice. Thanx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=69811t=69746


Re: Urgent Help Needed [7:69669]

2003-05-29 Thread Peter van Oene
At 12:02 PM 5/28/2003 +, Rohit Sundriyal wrote:
Hi All

I am facing a very strange problem. My lan is behind Pix and for the last few
weeks i am receiving some popup messages on my lan pc from internet even
though i am not browsing any site. Can anybody tell how to block this kinda
messages on pix ???

These are likely triggered by trojan apps on your pc.  Try grabbing 
software that scans your PC for these types of tools.  I use ad-aware 
myself if I recall correctly.

Also, when a pop up appears, you can always drop to the shell (assuming 
winx) and use netstat to see what connections you have active to get an 
idea where the pop up was coming from.

Pete


For more information please visit http://www.4vsoft.com
(Software that is used for sending this kinda messages.)



Thanks
Rohit




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=69680t=69669


Re: Layer 3 and 2 question. [7:69576]

2003-05-27 Thread Peter van Oene
At 03:05 PM 5/27/2003 +, Nuurul Basar wrote:
I am planning to configure both my core and distributions as L3 device, and
let the access switch to distribution using L2.
I was advised that by doing this on my network two identical ip address on
same subnet/vlan but in a different access switch can exist.
And a packet that is intended for a host in the different switch might end up
elsewhere.  Is this real?

I'm not entirely sure what you are trying to accomplish here?  Do you 
actually require multiple devices to share single IP addresses?  I have 
only seen that used for things like DNS query handling (stateless 
udp).  Haven't seen it used anywhere else.

Sorry, but I have never thought of this before.

Thanks

Nuurul Basar Mohd Baki
Network Engineer
DDSe




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=69602t=69576


Re: Layer 3 and 2 question. [7:69576]

2003-05-27 Thread Peter van Oene
At 08:19 AM 5/28/2003 +0800, Nuurul Basar wrote:
I was aiming to get both Core and dist running on L3, thus a thought of two
network device having the same IP was not in.  My design was rejected by the
Project Mgr, due to this reason.  Since my customer won't be running DHCP,
so someone can use the IP in another switch.  I have seen the L3 config
done in another site with DHCP, and so far it works fine.  I also have to
disable STP and lets routing take over, using OSPF.

Ok.  It sounds a bit like you might have an ISP network that connects to 
multiple different customers?  I am trying, but failing to understand what 
it is you are trying to do :-)

Pete



- Original Message -
From: Peter van Oene 
To: 
Sent: Wednesday, May 28, 2003 2:51 AM
Subject: Re: Layer 3 and 2 question. [7:69576]


  At 03:05 PM 5/27/2003 +, Nuurul Basar wrote:
  I am planning to configure both my core and distributions as L3 device,
and
  let the access switch to distribution using L2.
  I was advised that by doing this on my network two identical ip address
on
  same subnet/vlan but in a different access switch can exist.
  And a packet that is intended for a host in the different switch might end
up
  elsewhere.  Is this real?
 
  I'm not entirely sure what you are trying to accomplish here?  Do you
  actually require multiple devices to share single IP addresses?  I have
  only seen that used for things like DNS query handling (stateless
  udp).  Haven't seen it used anywhere else.
 
  Sorry, but I have never thought of this before.
  
  Thanks
  
  Nuurul Basar Mohd Baki
  Network Engineer
  DDSe




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=69623t=69576


Re: BGP AS removal [7:66928]

2003-04-06 Thread Peter van Oene
At 01:53 AM 4/6/2003 +, Bullwinkle wrote:
In other words, for purposes of testing, there are ONLY two ways to remove
things from the AS_PATH. 1) the technique you describe, which is to create

Both these techniques are invalid in my opinion.  If you create a new 
route, you haven't changed the AS-PATH on another route at all.  In these 
cases, you have two routes, not one modified one.

an aggregate and advertise that aggregate only ( although refresh my
memory - an aggregate might still contain full AS_PATH information - don't
have my book handy ) OR to create an appropriate route to null 0, then enter
that route into the BGP process, while filtering those that contain the
AS_PATH you want to remove.


AS1-AS2-AS3

192.168.x.x subnets --advertised into AS2

   ip route 192.0.0.0 255.0.0.0
null 0
bgp process command: network 192.0.0.0 mask 255.0.0.0

filter the more specific BGP routes.

AS3 should see just the route to null 0, which does originate in AS2

do I have that right? Do you agree?

--
-

Bullwinkle: Hey, Rocky, watch me pull a CCIE out of my hat!

Rocky: Bullwinkle, that trick NEVER works

Bullwinkle: This time FOR SURE!!!
( pulls snarling Proctor out of hat )
No doubt about it. I gotta get me a new hat!



Salvatore De Luca  wrote in message
news:[EMAIL PROTECTED]
  I hear ya.. that's why if this was a TEST situation, the statement:
 
  ip as-path access-list 1 permit _2_  ! _2_ _1$ would permit routes
  traversing AS2 but deny any routes traversed though AS2 Originating in
AS1.
  In which case 150.50.200.0 aggregated element should be the nlri Fresh
  Route point for AS3's knowledge.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66965t=66928


Re: BGP AS removal [7:66928]

2003-04-05 Thread Peter van Oene
At 04:22 PM 4/2/2003 -0500, you wrote:
150.50.200.0(R1)(R2)--(R3).

R1 belongs to AS1
R2 belongs to AS2
R3 belongs to AS3

I inject 150.50.200.0 using the network command on R1 and see 150.50.200.0
in R3 with as_path of 2 1.

The question is how can I remove the 1 from the As Path on R3.

You don't.  Doing this would be silly and likely dangerous.


I have tried using the network command on R2 with no success.
If I aggregate on R2 using 150.50.200.0 255.255.255.0 summary-only ,  I
will still see 150.50.200.0 with as-path 2 1  ( no change).
However, if I aggregate on R2 using 150.50.0.0 255.255.0.0 summary-only,
then I will see 150.50.0.0 with as-path 2. The question was to get
150.50.200.0 and not 150.50.0.0.

I can't get the 150.50.200.0 to work.


Thank you.

RAM




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66928t=66928


Re: BGP AS removal [7:66928]

2003-04-05 Thread Peter van Oene
At 08:26 PM 4/5/2003 +, Salvatore De Luca wrote:
I have to agree that it is a bit silly, dangerous, and should not be done in
a production environment.. but so are a lot of scenarios on the CCIE Lab..
Just to add to the silliness:

Because it is silly and dangerous, you also can't do it without creating an 
entirely fresh route with the same nlri and conditionally advertising it 
somehow.  You simply are not supposed to muck with AS-PATH elements unless 
you are aggregating, in which case you follow the defined guidelines.


Not sure how this would work, but you can try it..  have you tried as-path
manipulation? From what I can see you want to remove as 1 from the path as
R3 sees it. This config may work for what you are looking to do. You can
try applying this to the config aggregating the 150.50.200.0 network. I
think AS2 would have to originate the 150.50.200.0 net.


router bgp 3
neighbor x.x.x.x route-map as-path in


route-map as-path permit 10
match as-path 1
route-map as-path permit 20
match as-path 2

  ip as-path access-list 1 permit _2_  ! _2_ _1$
  ip as-path access-list 2 permit .*

Sal




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66938t=66928


Re: BGP Question...?? [7:66919]

2003-04-05 Thread Peter van Oene
At 03:46 PM 4/5/2003 +, Salvatore De Luca wrote:
Hi All,

 I am trying to better understand a particular BGP scenario, thought
someone might shed some light. This is probably very simple, I am just
missing the punchline. If you have 2 routers, one let's say running in AS100
the other running in AS200, and you had to EBGP peer with 128.1.1.254 from
AS100 router. You were required to use the Ethernet0/0 ip on AS100 router
for peering 128.1.2.3, would you configure your neighbor statement pointing
to 128.1.1.254 and update the source to Ethernet 0/0? (I tried this and was
no good) even after a debug ip bgp. I think maybe a secondary address
128.1.1.253 on the ethernet might be a way to go. Basically, 128.1.1.254 is
a route generator that I would need to peer with in order to receive several
external routes. I don't have any configs to post at the moment, but just
trying to get an outside opinion.

There isn't enough info here to answer this.  Is 128.1.1.254 on the other
side of the Ethernet?  (ie the next is 128.1.0.0/22)?  Likely not I
expect.  If not, you need to use EBGP multihop which will allow the EBGP
packets to move out farther than 1 link (changes the TTL in the packet from
1 to whatever you set it to).  Furthermore, is the 128.1.1.254 configured to
peer with 128.1.2.3?  If not, you'll need to use update source to set
your side of the connection to the appropriate address.  If 128.1.2.3 is a
secondary, then this would likely need to be used as well.  However, if
128.1.2.3 is the primary address on the eth0 and the eth0 is the closest
link on your router toward 128.1.1.254 and 128.1.1.254 is set to peer with
128.1.2.3, then you should just be able to set multi-hop with an
appropriate TTL and be on your way.  Also watch for BGP authentication in
case it is required.

Pete


Thanks,
Static0101




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66937t=66919


Re: Books for Introduction to networking [7:66849]

2003-04-04 Thread Peter van Oene
This has always been one of my favorites.

http://www.amazon.com/exec/obidos/ASIN/0130661023/qid=1049475026/sr=2-2/ref=sr_2_2/002-6465627-7277631

(Computer Networks by Andrew Tanenbaum)

Pete


At 03:20 PM 4/4/2003 +, Hubert Pun wrote:
Hi,

Is there any good book for non-technical manager about intro to networking
(or network 101)?

I have tried to search around and come across two books.

Cisco Networking Academy Program IT Essentials II: Network Operating Systems
Companion Guide

http://www.ciscopress.com/isapi/st~{83B5FF0E-06C7-4A59-B7F4-61B7A6B1566C}/session_id~{8F92035A-5279-4756-AE28-2676C8AB5BF8}/product_id~{66B1B7AF-7587-4FD1-8D82-FDB7976BD71F}/catalog/product.asp

Internet Architecture: An Introduction to IP Protocols

http://www.amazon.com/exec/obidos/tg/detail/-/0130199060/qid=1049468836/sr=1-9/ref=sr_1_9/002-1652755-1832040?v=glances=books

The Internetwork Technology Handbook that is too cisco oriented and also
one step too far.

What I am looking for is some books that talk about the OSI 7 layers, what
a router is for, what switches are for and so on

Thanks in advance for any suggestion.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66856t=66849


Re: A career in MPLS..... [7:66609]

2003-04-02 Thread Peter van Oene
At 03:27 AM 4/2/2003 +, Priscilla Oppenheimer wrote:
I wonder if Cisco's MPLS class is just dated. It takes a long time to
develop and roll out a new class, especially if there's also a Cisco Press
book, exam, instructor materials, course binder, instructor training, beta
testing, etc.

More than likely, Cisco chose to teach what a broad range of their gear 
could do.  L2vpn doesn't fit this category, though I would expect that they 
have better luck with RSVP.

In the early days of MPLS, was there more emphasis on LDP than on RSVP-TE?

I find the two technologies not competitive actually.  I am just now 
building a network that runs LDP on a large number of devices for ease of 
provisioning, yet rides a TE core that is signalled by RSVP-TE.  To me, 
these are two tools.  However, I agree with nrf that glossing over RSVP 
will leave a bit of a hole in one's knowledge.  I again expect that Cisco 
may have had wider platform support for LDP than they did for RSVP, but I'd 
have to check that out as I know they were an early supporter of RSVP, but 
may not have offered it beyond their 7500/12000 product lines.

Were MPLS L3 VPNs around before L2 VPNs?

RFC2547bis, or BGP/MPLS VPNs, was the first widely interoperable vpn
technology that used MPLS in the forwarding plane.  It is thus also the
most mature of the many variants and again more widely supported across the
product line.  L2vpn (ptp) is still pretty fresh, particularly in the Cisco
camp.  Very few platforms have a wide range of support for the many 
encapsulations defined by the various martini specs.  (Luca Martini from L3 
has taken the lead on the many L2 over MPLS encap standards as well as 
defined a signalling mechanism via LDP)  I expect the standard course gear 
doesn't have enough support for these technologies to make labs feasible.

I should note that the L2vpn (if you want to call it that and most 
marketing types do) I've been discussing (though briefly) are the point to 
point type (Virtual Private Wire Services -VPWS).  Think frame relay with 
ethernet in the last mile and 802.1q tags for DLCIs.  There are also a set 
of standards dealing with point to multipoint delivery, usually known as 
Virtual Private Lan Services that are attracting a bunch of
attention.  These specs made the provider network look like a single
broadcast domain.  I'm not convinced that is a good thing (don't know many
providers using LANE for what it's worth), but it certainly seems exciting
to marketing and IETF types.

Anyway, I suppose my overall point is that I fully agree with nrf, that
the curricula is not entirely representative of the more interesting bits
of MPLS, however I expect the underlying reason is lack of platform/sw 
support to enable effective classroom lecture on the subjects.

Pete



Maybe it's just a matter of course development latency. Thanks for your
insights.

Priscilla


nrf wrote:
 
  Henry D.  wrote in message
  news:[EMAIL PROTECTED]
   I don't mean to start any type of argument here, especially
  with someone
   who obviously has more experience than I do. Yes, you've been
   contributing to this study group many times. But also many
  times
   your contributions are rather rhetorical than practical and
  at the same
   time you seem to draw attention to what your opinion is
  rather than to
   give an educated and objective view backed by any type of
  real life
   examples.
 
  First of all, given the subject matter (MPLS), it is most
  difficult to be
  giving out real-life examples.  The fact is, MPLS is at this
  time not widely
  implemented, so therefore few examples abound.
 
  Second of all, it is essentially impossible for anybody to make
  a posting
  that is not necessarily colored with an opinion, particularly
  when they are
  discussing a subjective question.  Questions like whether they
  should study
  MPLS or what they should do with their future are necessarily
  going to draw
  a wide range of opinions.  If everybody is supposed to
  dogmatically answer
  'yes' or 'no', then what's the point of even asking the
  question in the
  first place?  The point is that subjective questions must
  necessarily elicit
  subjective answers.  People are not robots.   Everybody has to
  call it like
  they see it.  You ask a subjective question, and people should
  be able to
  chime in with whatever they think.  It's all about freedom of
  speech.
 
  Third of all, Cisconuts and I have taken the discussion
  offline, and while I
  don't want to speak for him, I would venture to say that he is
  quite happy
  with my responses.  So if he's cool, then what exactly is your
  beef?
 
  Fourth of all, I resent the implication that my views are not
  educated.  Be
  careful when you go around saying stuff like that.  I seem to
  recall a story
  a  few years ago how one particular guy harangued another guy
  about BGP,
  essentially saying that he knew nothing about how BGP really
  worked - only
  to find out 

Re: CCIE Vs. Linux engineer (not Ph.d) [7:66669]

2003-04-02 Thread Peter van Oene
Just study both and go easy on the incitement of textual riots.

At 10:15 AM 4/2/2003 +, you wrote:
Hopefully I'm not going to stir another whirlpool here.

Today I was surfing job sites and found out that where there are less than
dozen jobs available for CCIE in Silicon valley, there are more than 80 jobs
available for Linux engineers. Their initial salaries seem to be better than
CCIE nowadays.
We all understand that we take great pride in achieving CCIE. It is not only
the hardest network certifications to get, but also financial rewards used
to be excellent, too.

No matter how much efforts we put in these CCIE certifications, our fates
are still being subject to the cruel law of supply and demand especially in
this time of war.

Linux is not easy. There are many commands to remember. But it doesn't
require to invest thousands of dollars in routers and switches for training.
However their demands are higher than ever. On the other hand, the supply
for the CCIEs seems to surpass today's demand and for some serious time to
come.

Some might say, you study CCIE because you love the networking. Alright, but
if the future salaries for CCIEs are going to be somewhere near MCSE level,
would you put such an effort to get CCIE certs and still pursuing the career
of Cisco?

Where are we heading? Someone please enlighten us.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66688t=9


Re: What tools can tell u r using lease line or ISDN? [7:66561]

2003-03-31 Thread Peter van Oene
At 05:27 PM 3/31/2003 +, Link Teo wrote:
I am using leased line to connect my remote offices to HQ. All the leased
line are backup by ISDN. Is there any tools which can inform me via email or
other means about whether I am using leased line now or ISDN backup? In
other words, any tools which can inform me when the primary line is down and
the ISDN kick in?

Any SNMP manager should be able to tell you when the primary link dies.

Thanks a lot.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66574t=66561


Re: BGP Route Reflectors [7:66488]

2003-03-31 Thread Peter van Oene
At 04:52 PM 3/31/2003 +, \\[EMAIL PROTECTED]\
wrote:
All,

Please can someone clear this up for me, if you have the time.

IBGP peers do not have to be physically connected to one another, as long as
an IGP (most preferably) is running between them.

In most cases the routers are not adjacent and certainly do not need to 
be.  Half the reason one runs an IGP in an ISP is for loopback reachability 
support for IBGP peering.  Such a demand would put pretty expensive 
topological demands on a network.

On page 128 (paragraph 1) of the Routing TCP/IP Volume 2 book, it says the
following about route reflectors and clients :-
The clients have physical connections to each of the route reflectors, and
they peer to each

This may relate only to the diagram in question.

I assume that each client in a iBGP domain, does not need to share a
physical data-link to each RR?

Correct.

Many thx. (maybe I'm just tired from studying all weekend).

Regards,
Ken









Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66573t=66488


Re: PING PROBLEM [7:66132]

2003-03-26 Thread Peter van Oene
At 09:58 AM 3/26/2003 +, Larry Letterman wrote:
The serial interface can't ping itself like the ethernet can.. It will send the
packet to the remote end and then back.. if the path between both serial
interfaces is not correct the local ping will fail.. turn off keepalives and
see if the ping will work on the local end..

With HDLC encap, the router should be able to ping itself IIRC.

Pete



Larry Letterman
Network Engineer
Cisco Systems


   - Original Message -
   From: srinivas kunthuri
   To: [EMAIL PROTECTED]
   Sent: Tuesday, March 25, 2003 8:43 PM
   Subject: Re: PING PROBLEM [7:66132]


   Hi Larry,

   I did not understand what you are saying. I had pinged my local serial
   interface. It is giving request timed out. I had pinged the remote end
   serial ip. It is giving reply. Can you tell me why it happened.


   Thanks,
   K.Srinivas
 - Original Message -
 From: Larry Letterman
 To: srinivas kunthuri ; [EMAIL PROTECTED]
 Sent: Wednesday, March 26, 2003 1:09 AM
 Subject: Re: PING PROBLEM [7:66132]


 to ping the serial interface usually it has to go to the remote end and
   then
   back...make sure the path from end to end is working...

 Larry Letterman
 Network Engineer
 Cisco Systems


   - Original Message -
   From: srinivas kunthuri
   To: [EMAIL PROTECTED]
   Sent: Tuesday, March 25, 2003 2:11 AM
   Subject: PING PROBLEM [7:66132]


   Hi all

   I am having one doubt regarding ping. I had configured two routers at
   two locations connected through SCPC PAMA VSATs.
   I had pinged to serial interface. It has given request timed out,
   but the serial interface is up and line protocol is also up.
   I had pinged the other end serial ip. It is giving reply. What will
   be the reason? Can anyone explain it to me?

   Regards,
   K.Srinivas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66251t=66132


Re: Basic QOS Frame MPLS question [7:66210]

2003-03-26 Thread Peter van Oene
At 02:08 PM 3/26/2003 +, [EMAIL PROTECTED] wrote:
I don't think so.

There are many QoS tool that you can use without MPLS.

For what it's worth, MPLS is not a QOS tool.  It can be used as a component 
in a QOS strategy, but by itself, provides no QOS.

For example, you can use ip rtp priority, so the priority traffic will go
to a high priority queue. Also, the fragmentation options will help you to
avoid 'big' frames from starving the voice frames.

Low Latency Queueing for Frame Relay
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t2/dtfrpqfq.htm#wp1033474


Link Fragmentation and Interleaving with Frame-Relay
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt6/qcflfifr.htm

Frame Relay Header compression
http://www.cisco.com/univercd/cc/td/doc/product/software/ios112/rtphead.htm#xtocid63548







Paul @groupstudy.com on 25/03/2003 19:59:20

Please reply to Paul

Sent by:  [EMAIL PROTECTED]


To:  [EMAIL PROTECTED]
cc:

Subject: Basic QOS Frame MPLS question [7:66210]


Hi, Quick question to everyone 

At work I have a Frame Cloud that links all our sites together in a hub and
spoke manner.

At some of the sites I would like to extend our IP Telephony and perhaps
introduce Video Conferencing.

Assume I have adequate bandwidth throughout for video and IP telephony.

I would like to implement QOS. Am I correct in assuming that I can only
prioritise voice/video over the frame circuit, and that if I want to
implement
QOS I would have to 'swap' Frame for MPLS/Layer 4 Switching ???

Kind regards

Paul 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66261t=66210


RE: ping things [7:66155]

2003-03-26 Thread Peter van Oene
At 12:55 PM 3/26/2003 +, Peter P wrote:
I can reach my end node by declaring the loopback address as the source. By
default the router is using the serial i/f address. Unless I use the loopback
as the source it doesn't work. So I need to understand how to fix this - I
imagine the intervening hops are where the trouble lies

Make the serial interface reachable.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66260t=66155


Re: ping things [7:66155]

2003-03-25 Thread Peter van Oene
At 02:55 PM 3/25/2003 +, Peter P wrote:
I can ping from router A through various hops to router F.
Therefore the packet 'knows' how to reach F - and also how to find a path
back to A by reply. However from router F I cannot ping router A.
As the ping works in the first case - ie it knows the path back from F to A
- how come it doesn't work in the 2nd? The path is 'clean' ie no firewalls,
access lists or any filtering. Puzzled.

A cannot reach the interface from which the ping is sourced on F most
likely.  Try controlling your source addresses and see if that points you 
in the right direction.

Pete




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66174t=66155


RE: ping things [7:66155]

2003-03-25 Thread Peter van Oene
At 04:35 PM 3/25/2003 +, Priscilla Oppenheimer wrote:
Orlando Palomar Jr  CCIE#11206 wrote:
 
  You have a routing problem. Check your routing tables
  thoroughly. I'm sure you're missing some networks.
 
  The reason you're able to ping one-way is because you're using
  different sets of source and destination IP addresses when
  pinging from router A to router F, as compared to pinging from
  router F to router A.

The ping reply from router F uses the same addresses as the ping from router
F to router A. Why would the reply work but not the ping?

In many cases the ping is directed to a router loopback which I assumed and 
likely Orlando did as well.

Or maybe the ping from router F to router A fails because the reply from
router A doesn't get back. But that would be weird too. Why would router A
be able to send a ping but not a reply? He needs to find out which fails and
where, with debugs or sniffers.

He could still have a routing problem, but it would have to be a weird one
if these results are consistent.

He says no firewalls or access lists, but it sure sounds like a firewall or
access list to me.

Priscilla


 
  Use the extended ping command to see what I mean.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66175t=66155


Re: type 4 LSA updates OSPF question [7:66089]

2003-03-24 Thread Peter van Oene
At 08:25 PM 3/24/2003 +, Xy Hien Le wrote:
Hi everyone,

Can someone tell me that only ABR will ORIGINATE type 4 LSA in OSPF or both
ABR and ASBR do?

Only ABRs originate type 4 summaries.

Pete


Thanks
Xy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66094t=66089


Re: Using communites to change the local-pref - not working?? [7:65999]

2003-03-22 Thread Peter van Oene
Are you sure the communities are on the routes when they hit UU/Sprint?  I
expect you remembered to add send-community to the peer :)

Pete


At 04:26 PM 3/22/2003 +, Cisco Nuts wrote:
Hello,
I have 2 routers in AS300
RTF is connected to RTA in AS 1239 
RTG is connected to RTH in AS 701
In AS300 I have set communities via a route-map to be advertised as follows:
1239:110 to AS 1239 
701:120 to AS 701

Routers in AS 1239 and AS 701 have been configured with a community list and
a route-map to match these communities and change the local pref to 110 and
120 respectively.

These work fine:
Ex.AS701-H#bt
Network  Next HopMetric LocPrf Weight Path
* 3.3.3.0/24   190.90.10.1   120  0 300 i

Ex. AS1239-A#bt
Network  Next HopMetric LocPrf Weight Path
* 3.3.3.0/24   180.80.10.1  0110  0 300 i



AS1239 and AS701 are connected to RTE AS7018-NAP

 From AS7018, I wanted the route to be preferred through AS701 which has a
higher local pref of 120
BUT AS7018 still prefers the route thru AS1239 which has a local pref.
And I do not see the local pref values in AS7018. Why??

Ex. AS7018-NAP#bt
Network  Next HopMetric LocPrf Weight Path
*  3.3.3.0/24   170.70.10.20 701 300 i
* 160.60.10.20 1239 300 i

160.60.10.2 is AS1239
Now I do understand that all things being equal, BGP will prefer the router
with the lowest RID, which in this case is AS1239, 160.60.100.100. Thus
AS7018 chooses this route.

BUT I want AS7018 to choose AS701 to get to AS300's networks!!!

Question: Should AS7018 on receiving the communities from AS1239 and AS701
set the desired local pref??
Why not??
What am I missing?
Please advise.

Thank you.
Sincerely,
CN










Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65999t=65999


Re: Using communites to change the local-pref - not working?? [7:66002]

2003-03-22 Thread Peter van Oene

  Question: Should AS7018 on receiving the communities from AS1239 and AS701
  set the desired local pref??
  Why not??
  What am I missing?
  Please advise.

My read on it ( after checking Halabi's and Stewart's books ) is that
LOCAL_PREF is typically set on the inbound side, not with the outbound side.
LOCAL_PREF is an optional attribute. You don't want others to be able to
impose their criteria on you.

This is actually a real world scenario.  In an ISP network, I want control 
of everything.  Letting customers influence their flows (or peers or anyone 
for that matter other than me) makes me nervous.  For these reasons, even 
though it may be safe to use it, I'd zero all inbound meds.

However, I may want to allow a customer some controlled flexibility, so I 
give them a few communities to strap on routes that will influence my pref 
setting.  This is what CN is referencing.  ATT might give you 7018:90, 
7018:80 and 7018:100 to use which they will honor with LPref settings on 
their end (of 80,90 and 100 in this case).  In this way, as the ISP, you 
give the customer the ability to influence your exit decisions, but you do 
it on your terms.

Pete

also - are you remembering to use the bgp send-communities switch?

This, or buggy IOS that itself might have overlooked this setting would be 
my guess.




 
  Thank you.
  Sincerely,
  CN
 
 
 
 
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66002t=66002
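
The inbound policy discussed in this message, as an added example that is not part of the original thread: the receiving ISP discards whatever LOCAL_PREF the sender used, honors only the communities it has published (7018:80, 7018:90, 7018:100 from the post), and falls back to its default otherwise. The router ID 170.70.100.100, the customer prefix, AS 64500 and the 192.0.2.x router IDs are constructed; the decision process is reduced to three steps.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

DEFAULT_LOCAL_PREF = 100  # Cisco IOS default when no inbound policy sets one

# Communities the ISP publishes to customers and the LOCAL_PREF it applies for
# each (the 7018:80 / 7018:90 / 7018:100 illustration from the post above).
HONORED = {"7018:80": 80, "7018:90": 90, "7018:100": 100}


@dataclass(frozen=True)
class Update:
    """Simplified model of a BGP route; not a wire-format parser."""
    prefix: str
    as_path: tuple
    peer_router_id: str
    communities: frozenset = frozenset()
    local_pref: Optional[int] = None  # value inside the sender's own AS


def export_ebgp(route, send_community):
    """What the sending AS puts on an EBGP session."""
    return Update(
        prefix=route.prefix,
        as_path=route.as_path,
        peer_router_id=route.peer_router_id,
        # Without "send-community" on the neighbor, IOS sends no communities.
        communities=route.communities if send_community else frozenset(),
        # LOCAL_PREF is local to an AS and is not sent to external peers.
        local_pref=None,
    )


def import_ebgp(update, honored=HONORED, default=DEFAULT_LOCAL_PREF):
    """Receiving ISP's inbound policy: only its own published communities count."""
    matched = [honored[c] for c in update.communities if c in honored]
    # If several honored communities are attached, take the lowest preference
    # (a conservative choice made for this example).
    local_pref = min(matched) if matched else default
    return Update(update.prefix, update.as_path, update.peer_router_id,
                  update.communities, local_pref)


def best_path(routes):
    """Reduced decision process: highest LOCAL_PREF, then shortest AS_PATH,
    then lowest router ID. Weight, origin, MED and the rest are left out."""
    return max(routes, key=lambda r: (r.local_pref, -len(r.as_path),
                                      -int(IPv4Address(r.peer_router_id))))


def thread_scenario():
    """AS7018's view of 3.3.3.0/24 from the thread. AS701 and AS1239 set
    LOCAL_PREF 120 and 110 internally, but neither value crosses EBGP, and
    701:120 / 1239:110 are not communities that AS7018 honors."""
    inside_701 = Update("3.3.3.0/24", (701, 300), "170.70.100.100",  # constructed RID
                        frozenset({"701:120"}), local_pref=120)
    inside_1239 = Update("3.3.3.0/24", (1239, 300), "160.60.100.100",
                         frozenset({"1239:110"}), local_pref=110)
    received = [export_ebgp(r, send_community=True)
                for r in (inside_701, inside_1239)]
    return best_path([import_ebgp(u) for u in received])


def customer_scenario(send_community):
    """Constructed dual-homed customer tagging its backup link with 7018:80."""
    primary = Update("198.51.100.0/24", (64500,), "192.0.2.2",
                     frozenset({"7018:100"}))
    backup = Update("198.51.100.0/24", (64500,), "192.0.2.1",
                    frozenset({"7018:80", "64500:999"}), local_pref=500)
    received = [export_ebgp(r, send_community) for r in (primary, backup)]
    return best_path([import_ebgp(u) for u in received])


if __name__ == "__main__":
    print("AS7018 picks:", thread_scenario())
    print("with send-community:", customer_scenario(True))
    print("without send-community:", customer_scenario(False))
```
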


RE: Getting out of hand?? [7:65676]

2003-03-18 Thread Peter van Oene
At 07:31 PM 3/18/2003 +, Priscilla Oppenheimer wrote:
Maccubbin, Duncan wrote:
 
  How is the industry supposed to keep up with this??

What's the issue? Not sure I'm seeing your point. What's wrong with Cisco
announcing that their product received some sort of certification?

Exactly.. I think the poster mistook the possibly ambiguous announcement as 
yet another CCXX cert.

Now, if you were concerned that Cisco has too many ways for people to get
certified and that the situation is getting out of hand, I might agree.

I really am surprised at how many folks pour their heart/money into getting 
one after another.   I'm also amazed at how many folks will try and devote 
a good portion of interview time to showing me their various certificates. 
After the first couple I pretty much grasp that you have enough short term 
memory to get through a multiple choice exam and we should really get back 
to talking about technologies.

Cisco makes big bucks on these certifications.  The recert requirements 
create a beautiful residual revenue stream making this business unit very 
attractive internally to Cisco.  Since they doubled the cost of the CCIE 
recert, purely for profit, I have decided to let my certification lapse vs 
give in to this obvious cash grab.  Kudos to Cisco for making their VAR 
channels one of their more lucrative revenue sources.

Priscilla


 
  Cisco also announced today highly prestigious certification support across
  the entire PIX Family of security appliances. Certifications earned include
  the Common Criteria Evaluation Assurance Level 4 (EAL4) certification, and
  both ICSA Labs firewall and IPSec certifications. These certifications
  provide customers with independent and objective validation that a company's
  product meets certain levels of quality and reliability, and are among the
  industry's most respected and stringent criteria for certification.
  Providing customers broad certification support across the Cisco PIX family
  within a common operating system increases operational efficiencies and
  lowers support and management costs.
 
 
  Duncan Maccubbin
  US Network Support, Cable and Wireless
  CCNA, CCNP, CSS1, MCSE4
  Work (703)287-6975
  [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65689t=65676
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: IOS for MPLS [7:65586]

2003-03-17 Thread Peter van Oene
At 02:25 PM 3/17/2003 +, Michael wrote:
Dear all

Can anybody suggest a stable version that supports
MPLS?

Try your SE team.  It's all a balance of 
platforms/features/interfaces/VIPs/PA's etc :)

We are in a process of running MPLS through our network
on C7507 routers and we tried a few versions IOS but
we face various and different problems between the
versions. We face problems with interface statistics,
with web browsing with various vendors Firewalls
etc..

Most of these issues sound like MTU problems.  Are you budgeting for the 
extra encap overhead in your backbone MTU's?

Pete




Your help will be appreciated





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65593t=65586


Re: Off Topic - CCIE Certification Junkies [7:65499]

2003-03-15 Thread Peter van Oene
At 05:30 PM 3/15/2003 +, The Long and Winding Road wrote:
With the announcement of the CCIE Voice certification ( a Good Thing, IMHO )
I wonder a couple of things:

1) who will be the first quadruple CCIE?

A certification junkie ;-)

2) Does Cisco still recognize the Design, WAN, and IBM CCIE's as valid
certifications, making it possible to have more than four?

3) When will the CCIE become just another useless cert in the long history
of useless networking certs?

I really don't see the point myself.  Having a CCIE proves that one is able 
to do research and pass a relatively challenging test.  However, the 
practicality of the material tested upon is really questionable (more so in 
some tracks than others I expect as well)

I imagine most employers with the technical ability to properly evaluate 
candidates will not weight candidates with more than one CCIE higher than 
others.  I imagine these types of employers will simply look for candidates 
who can demonstrate the proficiencies they are looking for.  Further, there 
is little justification outside of the VAR space to hire CCIEs over 
otherwise qualified folk anyway.  Indeed, there may be justification not to 
as a CCIE may attract more head hunter attention (if there are any left) 
than a non CCIE would.

For me, the CCIE was a good motivation for learning some technologies I 
would have otherwise ignored.  If I were to do another one, it would 
provide only that benefit.  But the costs are becoming quite prohibitive, 
and Cisco's decision to raise the cost of recertification to 300 bucks has 
really left me wondering if I will recert.  I'm not big on extortion.

Pete





NRF - you out there tonight?




--
TANSTAAFL
there ain't no such thing as a free lunch




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65515t=65499


Re: Any Cisco Teaching Certificate [7:65322]

2003-03-14 Thread Peter van Oene
At 04:45 PM 3/13/2003 +, Shawn Xu wrote:
I am holding CCNP certificate. Recently I am interested in teaching Cisco
router and switch stuff. Do I need any Cisco teaching certificate?

That depends on what you want to teach.  If you want to teach licensed 
Cisco material, then I'd consult with whomever you expect to be teaching 
for and ask them what they require of you.


Shawn








Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65349t=65322


Re: Spanning tree question on .1q trunks [7:65386]

2003-03-14 Thread Peter van Oene
At 11:08 AM 3/14/2003 +, Amar KHELIFI wrote:
ur right about the frames ability to use gig0/2 only if the gig0/1 goes
down, but according to the standard, the link from which bpdu's arrive with
a higher cost will be put on blocking, but visibly that is not the case.
someone will surely respond to this.


Keep in mind that only one side of a point to point LAN link will ever 
block.  One node on every LAN segment must be elected as the designated 
bridge port for the segment.  I posted a pretty long explanation of this 
awhile back but can't find it in my archives :(

Pete



John Brandis wrote in message
news: [EMAIL PROTECTED]
  Hey All,

  I am going through my network, which consists of a single 4006 at the core,
  and some 14 2950's connected via gig fibre.

  Picture this, I have 4 2950's on each floor (3 floors in my building, yes I
  know that does not equal 14 switches) each have a gbic fibre connection to
  the 4006 core, whilst the other gig port goes to the next switch on that
  level. So switch 1 connects int gig 0/2 to switch 2 gig 0/2

  My issue at the moment, is that when I have a look at the spanning tree
  states, I see that both gig ports are in a forwarding state. That does not
  sound correct to me as I expected to see one blocking (the int gig 0/2) and
  the link to the core in a forwarding state. Here is the output of one of my
  switches

  lvl13-sw1#sh spanning-tree blockedports

  Name                 Blocked Interfaces List

  Number of blocked ports (segments) in the system : 0
  ---
  A showing of my active spanning tree ports shows
  --

  Interface  Port ID                 Designated                   Port ID
  Name       Prio.Nbr  Cost  Sts     Cost  Bridge ID              Prio.Nbr
  ---------  --------  ----  ---     ----  --------------------   --------
  Gi0/1      128.49       4  FWD        0   8192 0009.e87f.ea00   128.75
  Gi0/2      128.50       4  FWD        4  32769 000a.b7e3.2dc0   128.50

  * I have noticed that the cost of the port is significantly higher which
  would indicate to me that data would not go over this interface unless the
  interface gig 0/1 died.

  Am I right, or do I have an error on my network.

  Thanks for this guys/girls/etc/squid/

 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65431t=65386


RE: ASBR router [7:65424]

2003-03-14 Thread Peter van Oene
At 03:00 PM 3/14/2003 +, [EMAIL PROTECTED] wrote:
It is generally a bad idea to run any IGP with your ISP.  If your intent is
to advertise the external interface that you connect to your ISP to your
OSPF network, then run that interface under OSPF as passive.

I don't think any sane ISP would allow this anyway ;-)

I personally don't see how OSPF is relevant in the question, unless it 
relates to BGP Next-Hop resolution which likely isn't the case, or maybe 
the origination of a default route.



Thanks,

Mario Puras
SoluNet Technical Support
Mailto: [EMAIL PROTECTED]
Direct: (321) 309-1410
888.449.5766 (USA) / 888.SOLUNET (Canada)



-Original Message-
From: hanan [mailto:[EMAIL PROTECTED]
Sent: Friday, March 14, 2003 7:21 AM
To: [EMAIL PROTECTED]
Subject: ASBR router [7:65424]


Hello
I have a ASBR router that has internal interface with my internal network
and a external interface witch is connected to ISP that provide us Internet
My question is do I need to configure this external interface with a
separate area or I dont need to put it in a separate area, and if so how I
will know which area the ISP use
Could you please explain to me how we configure the external interface,
which is connected to ISP in ASBR router?

Hanan
Best regards




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65453t=65424


Re: Layer 3 Switches Vs Routers [7:65215]

2003-03-14 Thread Peter van Oene
At 05:57 PM 3/14/2003 +, Scott Roberts wrote:
  In the end, the device either routes or bridges the frames it
  receives, but takes no action that can be distinctly described as layer
  three switching.
 
  Pete
 

to my basic understanding ALL routing has a switching component to it
already, whether we're talking about regular routers or L3 switches. process
switching, fast switching, autonomous switching, distributed switching,
etc... are all the ways the packets are moved between interfaces on a
router. therefore both layer 2 and layer 3 'switch' irregardless of the name
on the chassis.

I disagree.  You are describing a generic technology with vendor specific 
terminology.  How packets move (if they move at all) in a router is an 
implementation specific detail (that is to say it's up to the box designer 
and internal to the device itself) .

  I personally view the sole distinction between the standard routers/bridges
  and the multilayer switches as the use of ASICs.

How a technology is implemented does not change the nature of the 
technology itself.  By this definition, I would be curious at what 
forwarding rate does a router become a switch?   In other words, just 
because some IP routers are faster than others does not mean they are not 
routers.

Of note, most high end routers implement an all silicon based forwarding 
path and few of these folks have branded their routers as switches.

scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65476t=65215


Re: Layer 3 Switches Vs Routers [7:65215]

2003-03-13 Thread Peter van Oene
At 01:43 AM 3/13/2003 +, aletoledo wrote:
a layer three switch is a router, just as a switch is really a bridge. a
layer 3 switch 'routes' in hardware, while a router routes in software.

For what it's worth, Juniper would likely take exception to your calling 
their products layer three switches as they have an all ASIC forwarding 
plane and therefore route in hardware.

that's the easiest way to look at them. it has gaps, but once you get the big
picture you can then start to talk about the specifics.

probably the biggest thing that a layer 3 switch can't do (unless it's
changed recently) is route anything but IP. while designing the hardware
routing circuits for a L3-switch they had to compromise and IP being the
most popular won out. that's not to say that one day they won't have made
enough chipsets to route every other kind of protocol also. I suppose since
we saw the death of bridges due to switches, we'll also see the death of
routers to L3-switch.

scott

nanda  wrote in message
news:[EMAIL PROTECTED]
  Hi ...
 
  We have switches that operate at Layer 3..right..
  My Question is when we have Routers that are good enough why do we need
  switches at layer3?
  Under what circumstances do we use switches instead of routers?
 
  Hope I made Myself Clear...Thanks in Advance!!!
 
  Regards...
  Nanda




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65300t=65215


RE: Layer 3 Switches Vs Routers [7:65215]

2003-03-13 Thread Peter van Oene
At 10:44 PM 3/12/2003 +, Orlando, Jr. Palomar wrote:
Without consulting any documentation, a couple of reasons I could think of
is forwarding rate and the switch-fabric (or the size of the backplane,
usually in Gbps). A full-fledged Layer-3 switch running at wire-speed
would be much more efficient in routing (and switching) between VLANs
compared to a router.

Many routers route at wire speed and can do this on/between tagged 
VLANs.  This is just routing.

Another point of comparison is port density. You can only have such and such
number of ethernet, fastethernet, or maybe even gigabit ethernet ports on a
router before the cost becomes quite prohibitive.

Oh sure, you can use the router-on-a-stick method. And though it is a good
Cisco IOS feature, it was meant to be an interim solution when transitioning
from a flat to a segmented network.

Anyway, if you only have a relatively small network, say 2 VLANs, you can
opt for the router-on-a-stick method. Or better yet, use a router with
dual ethernets or fastethernets. However, if you're supporting 4,5, or more
networks, that's what L-3 and multi-layer switches are for.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65301t=65215


Re: BGP dampening [7:65086]

2003-03-13 Thread Peter van Oene
At 07:39 PM 3/11/2003 +, Oliver Hensel wrote:
Hi!

Can someone point me to a document which explains
what happens with a prefix that is dampened if
it's distributed via two providers.

Hi Oliver,

Here is a link to a doc from Randy Bush that covers damping in some detail.

http://psg.com/~randy/021028.zmao-nanog.pdf
 (handily posted to NANOG today :)

For technical info on damping in general, check rfc 2439, and RIPE 229 for 
recent best practise config settings (which are put into serious question 
by the above PDF)

Damping was brought into existence as a means to protect routers which 
could be overwhelmed by a large amount of BGP updates to the extent where 
they would either crash, or drop BGP sessions themselves thereby 
exacerbating the route churn issue.

At present, newer routers and better BGP implementations are able to deal 
with large amounts of BGP updates without any impact to other processes in 
the router and thus the need to protect them via damping isn't a huge 
priority.  Further, as Randy points out, damping may do more harm than good 
to route convergence in the global Internet.  As a result, I think it is 
safe to say that the need for damping in general is in serious question.

Will only the penalized route be dampened, that is
will we still have connectivity if one link is
flapping. I think so, but I'd like to have some
confirmation for that.

BGP prefixes (NLRI) are damped individually, however damping really only 
impacts you on more remote AS's.   In your case, you have a situation like 
the below:


             you
            /   \
    transit1     transit2
       |    \   /    |
    remote1  - -  remote2
       |    \   /    |
    remote3  ---  remote4

When you advertise 10/8 to transit1 and transit2, assuming these folks are 
clueful and automatically pref customer routes above peer/transit, both of 
them will always prefer the direct route to you.  This is important as 
implicit withdrawals are penalized in the same way as direct 
withdrawals.  This fact, coupled with the fact that damping stats are 
cleared on EBGP sessions when the peer resets will tend to make damping 
irrelevant between neighboring AS's.  However, as you get more and more 
remote, things get worse.

To expand on this, consider remote3.   Assuming you advertise 10/8 to both 
transits, imagine that the update from transit2 gets to remote1 first and 
on to remote3.  In this case, remote3 hits you with an advert penalty and 
posts the route 10/8 via as-path r1,t2,you.  Shortly thereafter, the 
update from transit1 shows up in remote1 and by virtue of a better AS-PATH 
becomes the best path in remote1.  Remote1 therefore sends an update with 
the new path info to remote3.  This update includes an implicit withdrawal 
of the old path and a subsequent damping penalty applied to 10/8 in 
remote3.  Likely these two updates appeared in remote3 in a pretty 
narrow time window and thus you have a 10/8 prefix that has suffered a nice 
penalty without ever really flapping.  Consider also that depending on AS 
size, router types, BGP advertisement intervals and such, remote3 may have 
seen an r1,r4,r2,t2 path first, then an r1,r2,t2, then an r1,t1 path and 
may have penalized you once for the initial advert and two more times for 
the implicit withdrawals which might get you damped in remote3 right off 
the bat.

This issue gets worse as you consider ASes more and more remote from you.

For what it's worth, I may have this entirely wrong :-)  But this is my 
understanding of the behavior.  The networks I have designed used graded 
damping and are not tremendously aggressive.  I am however considering 
removing damping from the configs for the few networks I have some impact 
in as I really don't see it serving much of a role.

Pete

Thanks and best regards,

Oliver


--
Oliver Hensel
telematis Netzwerke GmbH
mailto:   [EMAIL PROTECTED]
Siemensstrasse 23, D-76275 Ettlingen
Tel: +49 (0) 7243-3448-0, Fax: -498
visit us:  http://telematis.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65302t=65086
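
The path-exploration effect described for remote3 in the message above, replayed as an added example that is not part of the original post. The half-life, thresholds, per-event penalties and update timings are illustrative assumptions; only the AS paths and the rule that a first advert and each implicit withdrawal are penalized come from the message.

```python
"""Added example: damping penalty built up at remote3 by path exploration."""
import math
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumed, illustrative parameters (not from the post).
HALF_LIFE_S = 15 * 60        # penalty halves every 15 minutes
SUPPRESS = 2000              # prefix is damped once the penalty exceeds this
REUSE = 750                  # prefix is usable again below this
PENALTY_ADVERT = 1000        # the post's "advert penalty" on first announcement
PENALTY_IMPLICIT_WD = 1000   # new path replaces the old one (implicit withdrawal)


@dataclass
class DampedPrefix:
    """Damping state one router keeps for one prefix learned from one peer."""
    penalty: float = 0.0
    last_seen: float = 0.0
    suppressed: bool = False
    path: Optional[Tuple[str, ...]] = None
    log: List[tuple] = field(default_factory=list)

    def _decay(self, now: float) -> None:
        # Exponential decay with a fixed half-life, as described in RFC 2439.
        self.penalty *= 0.5 ** ((now - self.last_seen) / HALF_LIFE_S)
        self.last_seen = now
        if self.suppressed and self.penalty < REUSE:
            self.suppressed = False

    def receive(self, now: float, as_path: Tuple[str, ...]) -> bool:
        """Process one UPDATE for the prefix; return True if it is now damped."""
        self._decay(now)
        if self.path is None:
            event = "advert"
            self.penalty += PENALTY_ADVERT
        elif as_path != self.path:
            event = "implicit-withdraw"
            self.penalty += PENALTY_IMPLICIT_WD
        else:
            event = "duplicate"  # same path again: no penalty
        self.path = as_path
        if self.penalty > SUPPRESS:
            self.suppressed = True
        self.log.append((now, event, as_path, round(self.penalty), self.suppressed))
        return self.suppressed

    def seconds_until_reuse(self) -> float:
        """Time for the current penalty to decay to the reuse threshold."""
        if not self.suppressed:
            return 0.0
        return HALF_LIFE_S * math.log2(self.penalty / REUSE)


def replay(updates) -> DampedPrefix:
    """Feed a list of (time_in_seconds, as_path) updates to a fresh state."""
    state = DampedPrefix()
    for now, as_path in updates:
        state.receive(now, as_path)
    return state


# Constructed input: updates for 10/8 that remote3 hears from remote1.
# The origin announces once and never flaps; only the best path changes.
TWO_PATHS = [
    (0, ("r1", "t2", "you")),
    (5, ("r1", "t1", "you")),
]
THREE_PATHS = [
    (0, ("r1", "r4", "r2", "t2", "you")),
    (5, ("r1", "r2", "t2", "you")),
    (10, ("r1", "t1", "you")),
]

if __name__ == "__main__":
    for name, updates in (("two paths", TWO_PATHS), ("three paths", THREE_PATHS)):
        state = replay(updates)
        print(name)
        for entry in state.log:
            print("  t=%3ss %-17s path=%s penalty=%s damped=%s" % entry)
        print("  minutes until reuse: %.1f" % (state.seconds_until_reuse() / 60))
```

With these assumed values the two-path case ends just under the suppress threshold, while the three-path case damps the prefix for roughly half an hour although the origin sent a single announcement.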


Re: ISP OSPF Design [7:65316]

2003-03-13 Thread Peter van Oene
At 03:54 PM 3/13/2003 +, Chris Headings wrote:
Good morning all,

Does anyone out there know of either a good white paper or book that shows
some ISP OSPF designed networks?  I am trying to find something that is more
geared towards service providers rather than corporate network LAN design.

Here are some thoughts.  First off, keep your IGP as small as possible by 
pushing as much routing as possible in BGP.   Ideally, you'll only use OSPF 
for loopback and link reachability.

Use multiple areas only when the sheer amount of routers/interfaces demands 
it.  Since you have few routes in OSPF, you won't be using multiple areas 
to enable address summarization.  The amount of routers one has before one 
needs isolation via areas is a matter of some debate, but assuming you have 
some service provider class routers, should be at least in the 50-100 range 
at minimum and could likely approach much higher numbers.

If you must use multiple areas, configure them as NSSA.  You shouldn't have 
any externals in your network to begin with, but some odd situations tend 
to demand it and therefore if you must bring them in, NSSA will allow you 
some control over their flooding.

Beyond that, try nanog archives for metric use guidelines if you intend to 
do some TE in OSPF (there are a few different approaches to metric use in 
IGPs).  Also nanog is likely to have some timer tweaks that will be helpful 
in speeding convergence.

Book wise, I've not seen one that covers IGP/BGP in tremendous 
detail.  Howard Berkowitz has a pretty useful service provider book 
(Building Service Provider Networks / Wiley) that covers a variety of ISP 
oriented details that would likely be a good read if you are new to ISP 
networking, but most of the decent ISP best-practise like details from a 
router configuration perspective have usually been found at or near the 
NANOG community.  Phillip Smith from Cisco has published his ISP Essentials 
set of guidelines as a book which has a lot of very useful information, 
but can also be found in pdf form.

Pete




Thanks as always...

Chris




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65345t=65316


RE: Layer 3 Switches Vs Routers [7:65215]

2003-03-13 Thread Peter van Oene
At 12:16 PM 3/13/2003 -0500, Howard C. Berkowitz wrote:
At 2:43 PM + 3/13/03, Peter van Oene wrote:
At 10:44 PM 3/12/2003 +, Orlando, Jr. Palomar wrote:
Without consulting any documentation, a couple of reasons I could think of
is forwarding rate and the switch-fabric (or the size of the backplane,
usually in Gbps). A full-fledged Layer-3 switch running at wire-speed
would be much more efficient in routing (and switching) between VLANs
compared to a router.

Many routers route at wire speed and can do this on/between tagged
VLANs.  This is just routing.

Another point of comparison is port density. You can only have such and such
number of ethernet, fastethernet, or maybe even gigabit ethernet ports on a
router before the cost becomes quite prohibitive.

Oh sure, you can use the router-on-a-stick method. And though it is a good
Cisco IOS feature, it was meant to be an interim solution when transitioning
from a flat to a segmented network.

Anyway, if you only have a relatively small network, say 2 VLANs, you can
opt for the router-on-a-stick method. Or better yet, use a router with
dual ethernets or fastethernets. However, if you're supporting 4,5, or more
networks, that's what L-3 and multi-layer switches are for.

Peter, would you agree that when someone says that's what layer3 and 
multilayer switches are for, they are really talking about router 
packaging (as opposed to fundamentally different technology) that creates 
platforms with certain port densities, functionality tradeoffs, and price 
points?

I would certainly agree.

There is definitely a family of enterprise devices that package relatively 
high density layer two aggregation (ie lots of GE/FE ports) with a routing 
functionality such that you end up with an integrated device that can route 
or bridge depending upon configuration.  However, such a device is in 
theory no different than a router connected directly to a bridge via an 
external vlan trunked interface.  The fact that the box happens to 
integrate the connection between router and bridge is merely a matter of 
convenience.  In the end, the device either routes or bridges the frames it 
receives, but takes no action that can be distinctly described as layer 
three switching.

Pete



Again, I call attention to the comment of routing in hardware as 
misleading. I can't think of a routing ASIC, where I actually looked at 
the chip or chipset design, that wasn't some flavor of Von Neumann 
stored-program computer.  Certain of the specific designs might be 
microcode rather than RISC or CISC, but they are still basically von 
Neumann.  FPGAs might be a special case, but they can't do the more 
complex functions.

In other words, an ASIC is a computer, just a specialized, optimized 
computer burned into silicon (or whatever).. Some newer ASICs even are 
partially reprogrammable, typically with electrically alterable gate 
arrays and the like.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65341t=65215


Re: Bandwidth calculations [7:65008]

2003-03-12 Thread Peter van Oene
At 01:36 PM 3/12/2003 +, Amar KHELIFI wrote:
sorry i don't agree.
check the bandwidth calculator on the net, u will see that i was correct.
+ for the K and k and B and b, it is so obvious that an explanation is not
necessary...

While I agree that Kb tends to refer to 1024 and kb to 1000, I will suggest 
that very few things are so obvious that they do not require 
explanation.  If it truly did not require explanation, you would not be 
involved in a discussion revolving around the clarity of the expression, or 
otherwise you mean to suggest that your partner in the discussion is obtuse 
to the point of missing the most obvious of points, which I think might 
be a little offensive.

Pete




thanx for letting my messages show up normally and then respond to
them;


s vermill wrote in message news:
[EMAIL PROTECTED]
  I should also have mentioned that the B is typically capitalized
  alongside the K when dealing with kilobytes (KB) and the b is typically not
  capitalized when dealing with kilobits (kbps).  That's probably at least, if
  not more, significant than the K/k capitalization (if, in fact, any of it
  is significant).  I mention it because it seems to cause so much confusion.
  You won't see it around here much, but at some other forums one of the chief
  complaints relates to achieving only 1/8th the expected download rate.
  What's happening, of course, is that the download is being measured in
  KB/sec while the connection is rated in kbits/sec.  I'll shut up now...
 
 
  s vermill wrote:
  
   Amar KHELIFI wrote:
   
since
1byte=8bits
and
1Kbits=1024bits
then
 32kbps=32768bps=4096bytes
there is no formula.
  
   Amar KHELIFI,
  
   1kbits does not = 1024bits and 32kbps does not = 32768bps.
   1kbps = 1,000bps  32kbps = 32000bps.  k simply means 1,000.
   The whole idea of 1KB (KiloByte) = 1024 bits has to do with
   binary math and the fact that computers deal in bytes vs.
   bits.  2^10 = 1024, which is divisible by 8 (whereas 1,000
   would not be).  It would be very inconvenient for a computer to
   have to deal with information blocks that are not divisible by
   8.  Modern communications systems are not byte-aligned at all
   and deal strictly in bits.  For example, a DS0 is 64kbps.
   That's 64,000bps.
  
   As a side note, and I'm not sure that there's any official
   convention to go along with this, in general, a KiloByte is
   abbreviated KB, with a capital K.  kilobits per second is
   generally abbreviated kbps, with a lower-case k.  Thus, when
   you see a capital K, it's safe to assume 1024 is being implied,
   whereas when you see a lower-case k, it's safe to assume 1,000
   is being implied.
  
   Regards,
  
   Scott
  
  
  
   
Robert Perez wrote in message
news: [EMAIL PROTECTED]
 Anyone know how the conversion techniques for converting bits, bytes,
 kilobits, etc, to calculate bandwidth usages?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65204t=65008


Re: ??? MPLS ??? [7:64898]

2003-03-11 Thread Peter van Oene
At 02:16 PM 3/10/2003 +, Steven Aiello wrote:
Sorry for such a newbie question.  But what is MPLS?  And what is it?
Anyone have a link they can point me to?  Just trying to learn more.

I would recommend you start at www.mplsrc.com and possibly surf to the 
standards page.  Within that page, check out 
http://www.ietf.org/rfc/rfc3031.txt?number=3031 at least for an overview of 
the architecture of the protocol itself.  Cisco will have a great deal of 
information as well, and certainly played a big role in the development of 
the specifications, but also tend to use a lot of proprietary terminology 
that might just confuse you moving forward.

Matt Kolon at Juniper said once that MPLS is essentially low overhead, 
virtual circuits for IP.  I personally think this statement aptly 
describes the protocol.

At present, MPLS plays an enabling role in many technical solution sets, 
mostly in the VPN environment.  Hence, a lot of folks, particularly when 
first learning the protocol, become distracted by the many features that 
MPLS enabled solutions might present, but lose sight of what role MPLS 
itself plays.

The C/S mailing list at Groupstudy might prove an interesting forum for Q&A 
as I believe MPLS is more relevant to that track, however this list 
certainly includes a bunch of folks who have a wealth of knowledge on the 
topic.

Pete


Thanks,
Steve




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65048t=64898


OT: OSPF vs ISIS in large networks [7:65049]

2003-03-11 Thread Peter van Oene
Hi all,

Here is a quick post from Dave Katz on ISIS vs OSPF in large networks 
dealing with the issue of which protocol inherently scales better.  This is 
from a thread in the IETF OSPF WG mailing list for those looking for the 
full thread.  Dave has participated significantly in the development of 
routing protocol software for both Cisco and Juniper.

Thought some folks might find it interesting

Pete


Date: Sun, 9 Mar 2003 21:05:14 -0800
Reply-To: Mailing List 
Sender: Mailing List 
From: Dave Katz 
Subject: Re: ospf limits...
To: [EMAIL PROTECTED]

For all practical purposes, the designs of the OSPF and ISIS protocols
will not be the limiting factor in the size of an area, unless (a) you
have a really good implementation, and (b) you feel the need to dump
excessive numbers (many thousands) of external and stub routes into
the protocol.

Most implementations will crash and burn before the topology gets
big enough to become an issue, and most people don't dump externals
into their IGPs (they use BGP instead.)

Architecturally, OSPF limits the inter-router topology and stub routes
due to the 64KB limit on the Router LSA, and ISIS limits the total amount
of information due to the 256 LSP fragment limit.  One could come up
with various hacks for either protocol if these limits were actually,
well, limiting, but this has never been the case in (sane) practice.

Historically, the ISIS implementation from a particular major vendor has
had better scaling characteristics than the OSPF implementation of that
particular major vendor, but this isn't really the case for another
major vendor.  ;-)

--Dave




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65049t=65049


Re: Become instructor [7:64820]

2003-03-08 Thread Peter van Oene
At 11:11 AM 3/8/2003 +, omar wrote:
Hello ,
I am working as a freelance and i would like to be an Instructor (Cisco) .
Did anybody know the cursus?

I believe you still need to work for an authorized Cisco training partner 
assuming you are looking for the CCSI designation.

best regards
omar






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64831t=64820


Re: EIGRP for CCIE Written [7:64707]

2003-03-07 Thread Peter van Oene
At 12:11 PM 3/7/2003 +, Johan Bornman wrote:
Is EIGRP a Hybrid or Distance Vector protocol?

Cisco calls it Hybrid.  It looks pretty distance vector to me though.  A 
hello mechanism and adjacencies does not a link state one make.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64724t=64707


Re: EIGRP for CCIE Written [7:64707]

2003-03-07 Thread Peter van Oene
At 03:54 PM 3/7/2003 +, The Long and Winding Road wrote:
Peter van Oene  wrote in message
news:[EMAIL PROTECTED]
  At 12:11 PM 3/7/2003 +, Johan Bornman wrote:
  Is EIGRP a Hybrid or Distance Vector protocol?
 
  Cisco calls it Hybrid.  It looks pretty distance vector to me though.

in what way? the hop count is pretty well hidden in the dark interior of the
code. all those cost numbers, the ( also somewhat hidden ) topology table,
and the ( somewhat hidden ) successor table certainly give it the appearance
of link state.

In a link state algorithm, a router builds a complete topology table for 
the bounded area in which it operates and then uses a spanning tree like 
algorithm (dijkstra in most cases) to calculate loop free paths.  EIGRP 
simply does not do this.   Primary and secondary paths in EIGRP are 
calculated based upon indirect information relayed by direct neighbors only 
using an advanced distance vector algorithm (DUAL).

I think Cisco likes to call it Hybrid since many folks feel distance vector 
routing is inferior to link state and thus by labelling EIGRP as the best 
of both approaches, Cisco has put a positive spin on the protocol.  This is 
typical marketing garbage from one of the best spin companies on the planet 
(in a neck and neck race with Microsoft and Harley Davidson for that matter)

Pete



Chuck
who considers all this stuff a kind of magic



 A  hello mechanism and adjacencies does not a link state one make.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64732t=64707
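
The distinction drawn in the reply above (a link state router computes over the full topology, while DUAL works only from distances relayed by direct neighbors) can be run side by side. This is an added example, not code from the thread: the five-router topology, the plain additive costs (instead of EIGRP's composite metric) and all function names are assumptions, and the feasible distance is simplified to the current best total.

```python
import heapq

# Constructed topology (assumption): symmetric link costs, destination is D.
LINKS = {
    ("A", "B"): 1, ("A", "C"): 2, ("A", "E"): 1,
    ("B", "D"): 2, ("C", "D"): 2, ("E", "D"): 3,
}


def adjacency(links):
    """Turn the link list into {router: {neighbor: cost}}."""
    adj = {}
    for (u, v), cost in links.items():
        adj.setdefault(u, {})[v] = cost
        adj.setdefault(v, {})[u] = cost
    return adj


def spf(adj, root):
    """Link state view: Dijkstra over the whole topology.

    Returns {router: (cost_from_root, first_hop_from_root)}.
    """
    best = {root: (0, None)}
    heap = [(0, root, None)]
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale heap entry
        for nbr, link_cost in adj[node].items():
            new_cost = cost + link_cost
            hop = nbr if node == root else first_hop
            if nbr not in best or new_cost < best[nbr][0]:
                best[nbr] = (new_cost, hop)
                heapq.heappush(heap, (new_cost, nbr, hop))
    return best


def neighbor_reports(adj, router, dest):
    """What a distance vector router actually receives: one number per
    neighbor (that neighbor's own distance to dest), plus the local link cost."""
    return {n: (cost, spf(adj, n)[dest][0]) for n, cost in adj[router].items()}


def dual_select(reports):
    """Simplified DUAL selection from {neighbor: (link_cost, reported_distance)}.

    Successor = lowest total cost. A neighbor is a feasible successor only if
    its reported distance is strictly below the feasible distance, because
    that is the only loop-freedom proof available without the topology.
    """
    totals = {n: link + rd for n, (link, rd) in reports.items()}
    successor = min(sorted(totals), key=totals.get)
    feasible_distance = totals[successor]
    feasible, rejected = [], []
    for n in sorted(reports):
        if n == successor:
            continue
        reported = reports[n][1]
        (feasible if reported < feasible_distance else rejected).append(n)
    return successor, feasible_distance, feasible, rejected


def loop_free_in_full_topology(adj, router, nbr, dest):
    """Link state check DUAL cannot make: does nbr reach dest at the same
    cost when `router` is removed, i.e. without routing back through it?"""
    pruned = {u: {v: c for v, c in nbrs.items() if v != router}
              for u, nbrs in adj.items() if u != router}
    return spf(pruned, nbr).get(dest, (None, None))[0] == spf(adj, nbr)[dest][0]


if __name__ == "__main__":
    adj = adjacency(LINKS)
    print("SPF from A to D:", spf(adj, "A")["D"])
    reports = neighbor_reports(adj, "A", "D")
    print("Reports seen by A:", reports)
    print("DUAL result:", dual_select(reports))
    print("E really loop free:", loop_free_in_full_topology(adj, "A", "E", "D"))
```

Neighbor E is rejected as a backup even though its path never touches A: with only a reported distance to go on, A cannot tell that apart from a path that loops back through itself.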


RE: EIGRP for CCIE Written [7:64707]

2003-03-07 Thread Peter van Oene
At 04:31 PM 3/7/2003 +, Willy Schoots wrote:
Maybe the fact that EIGRP has an option to turn SPLIT HORIZON on/off is
a big clue towards it being a DV protocol. Last time I checked OSPF/ISIS
didn't have this option ;-)

OSPF and ISIS are actually distance vector between areas and use a strict 
two level hierarchy with a single backbone along with some LSP/LSA process 
rules that prevent loops.


Cheers,

Willy

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
The Long and Winding Road
Sent: vrijdag 7 maart 2003 16:54
To: [EMAIL PROTECTED]
Subject: Re: EIGRP for CCIE Written [7:64707]

Peter van Oene  wrote in message
news:[EMAIL PROTECTED]
  At 12:11 PM 3/7/2003 +, Johan Bornman wrote:
  Is EIGRP a Hybrid or Distance Vector protocol?
 
  Cisco calls it Hybrid.  It looks pretty distance vector to me though.

in what way? the hop count is pretty well hidden in the dark interior of
the
code. all those cost numbers, the ( also somewhat hidden ) topology
table,
and the ( somewhat hidden ) successor table certainly give it the
appearance
of link state.

Chuck
who considers all this stuff a kind of magic



 A  hello mechanism and adjacencies does not a link state one make.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64734t=64707


Re: Layer 3 MPLS VPN Questions [7:64770]

2003-03-07 Thread Peter van Oene
At 09:05 PM 3/7/2003 +, John Neiberger wrote:
I'm at the early stages of considering migrating away from a
point-to-point frame relay network to a layer 3 MPLS-based private
network and I have a couple of questions based on some preliminary
verbal information.

I was told that no router reconfiguration was required on our side but
I don't see how that's possible.  Since our CE router connects to the
PE router they need to have common addressing and a common routing
protocol, which I think must be either OSPF or IS-IS.

For L3VPN based on 2547bis, the provider network becomes a layer three peer 
with your edge gear.  In the frame relay model, the provider is fully 
transparent to you at layer three.  Hence, you'll need to establish some 
sort of layer three peering with the provider's edge routers.  This could 
be a typical IGP, or ideally one of static or BGP.

A layer two VPN, using pseudowires as defined by Luca Martini in the 
various draft-martini-pick-your-layer-two, would more or less emulate the 
type of service you have now and would not require a change in your routed 
topology.  I tend to recommend L2VPNs where customers already have sizable 
frame networks, unless the customer has a strong desire to outsource its 
routing to the provider.

Regarding the routing protocol, it wouldn't be a big deal to change to
using one of the above but that would still be a change, right?  :-)

Yep


Regarding the addressing, is it common for a customer to get a new
addressing scheme for the provider for their edge links?  Or, will the
provider readdress their PE connections that interface with our network?
  It makes more sense to me that the provider would make us readdress.
Does one method seem to be more common than the other?

Addressing in one VPN is fully abstracted from another VPN and thus there 
really isn't the need to migrate toward any unique IP space here.  You 
could use your own space, or some 1918 etc.

Since this is a layer 3 VPN the provider's routers will have specific
information about our internal addressing, and I can hear our security
people groaning over this already.  My boss might not like that idea, as
well.  Has this been a security concern for anyone?  Is there reason to
be concerned?  Conversely, is there a good way for me to explain to my
boss and the security department why we shouldn't be concerned?

Security is a common concern here.  However, in any vpn service, you are 
putting some trust in the provider as they do have internal access to your 
traffic flows.  If you are concerned about security, there is nothing to 
preclude the use of IPsec over the public/VPN portions of your network.

I'm still awaiting more technical information from our provider, and
we're going to have a face-to-face meeting with technical people in a
couple of weeks, but I wanted to become more familiar with this
technology before they get here.

Here is the latest draft for the protocol

http://www.ietf.org/internet-drafts/draft-rosen-ppvpn-2547bis-protocol-02.txt


Many thanks!
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64781t=64770


OT: Re: EIGRP for CCIE Written [7:64707]

2003-03-07 Thread Peter van Oene
At 09:30 PM 3/7/2003 +, The Long and Winding Road wrote:
MADMAN  wrote in message
news:[EMAIL PROTECTED]
  I agree 100%, it is ENHANCED, read glorified, IGRP.


the REAL question is which is better, EIGRP or  L3 switching?   ;-

I'm working on a draft for ARP switching.  Still struggling with what layer 
it works at though and what it specifically does.  I'll let you know when 
I'm finished.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64782t=64707


Re: Question on BGP aggregation [7:64581]

2003-03-06 Thread Peter van Oene
At 08:31 AM 3/6/2003 +, Mike Flanagan wrote:
I have a question on different methods of BGP aggregation. Let's say
for instance that I had 4 /24 that I wanted to aggregate to a /22.
I am getting these /24's through EBGP and want to summarize them to
my IBGP peer without using any aggregate address or summary address
command. What other options would I have to summarize this ?

Why would you want to do this?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64619t=64581


Re: ATM RFC [7:64199]

2003-03-02 Thread Peter van Oene
At 12:19 PM 3/2/2003 +, you wrote:
Hi Group, Would u kindly guide me which RFC to read to understand
properly the behaviour of different ATM types of service ( vbr-nrt, cbr,
abr, ... ) Best Regards

The ATM forum is your best bet here.  Here is a relevant link.

http://www.atmforum.com/standards/approved.html







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64206t=64199


RE: L3 Switching Huh???? [7:63728]

2003-02-26 Thread Peter van Oene
A
And that's exactly what would happen if you did the inter-VLAN routing on a
router too, using subinterfaces for each VLAN/ IP subnet. :-)

And, if it were a high-end router, it could do this at wire speed and would
have a RIB and FIB, just like someone else described for the 6500. The 7500
router has had that sort of architecture for years, if I'm not mistaken.
Howard has given us lots of examples of other high-end routers that have
this sort of architecture. Of course, these high-end routers are probably
way more expensive than the so-called L3 switch and probably have all sorts
of features that you might not need in a campus network.

Last I checked, Extreme make some pretty cheap bridges with integrated 
routing :)   Naturally, to get a bunch of packet processing without 
mortgaging forwarding capacity, you'll end up spending more 
bucks.  Howard's point about the relevance of wire speed routing in the 
enterprise is dead on though - most folks don't need it and wouldn't make 
use of it even if they had it.


So, we're back to the first answer. The difference between a router and a L3
switch is marketing. Also economics.

Sorry, I just had to play devil's advocate. What a shame that Cisco has
mangled this so much in their intro training materials.

Priscilla

  ...
 
  Does that help?
 
  Oh - and I think you meant to say layer 3 switching is a
  marketing term,
  not scientific or engineering in nature. ... you said layer 3
  routing ...
  Thanks!
  TJ
  [EMAIL PROTECTED]
 
 
  -Original Message-
  From: DeVoe, Charles (PKI) [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, February 26, 2003 7:45 AM
  To: [EMAIL PROTECTED]
  Subject: RE: L3 Switching Huh [7:63728]
 
  OK, let me try this again.  I am trying to figure out the
  difference between
  conventional layer 3 routing and layer 3 switching.  A little
  background.  I
  am currently working towards my CCNA (have been for about 3
  years).  At any
  rate, everything I read and look at says that
  switching/bridging is a layer
  2 function, routing is a layer 3 function.
 
  Either I don't have a good grasp of the OSI model, switching,
  routing, VLANs
  or all of the above.
 
  The network:
 
  Host A  10.1.1.2 MAC 00.AA                          Host B  10.1.2.2 MAC 00.BB
     |       10.1.1.1 MAC 01.AA      10.1.2.1 MAC 02.BB       |
  switch A ---------------- Router ---------------- switch B
  10.1.1.0/24                                       10.1.2.0/24
 
  This is an ethernet network.  Both segments are connected by a
  traditional
  router say a 2500.
  In this instance the router interfaces are subnet A 10.1.1.1,
  and subnet B
  10.1.2.1
 
  For simplicity, assume ARP cache is empty.
  Host A wishes to ping Host B
  End user on Host A enters - ping 10.1.2.2
  The IP packet places the source address 10.1.1.2 and the
  destination address
  10.1.2.2 into the packet.
  The IP protocol examines the IP address and based on the IP
  address
  determines this is in another subnet.
  An ARP request goes out for 10.1.1.1 (default gateway) and the
  MAC address
  is found.
  The DLL then places the source MAC address 00.AA and the
  destination MAC
  01.AA into the frame.
  The frame then goes out the wire to the destination MAC.
  The router interface sees this frame as destined for itself.  It
  de-encapsulates the frame removing the MAC addresses.  The
  router then
  examines the IP address, based on the routing table it knows
  the destination
  port.
  The router leaves the same IP source (10.1.1.2) and destination
  (10.1.2.2)
  in the packet.
  The frame is rebuilt with the new MAC address of source 02.BB
  and
  destination 00.BB
  Host B grabs this packet and does its thing.
 
  Now, if I replace the router with a 6509 switch, with routing,
  how does the
  process change?
  Said 6509 would be equipped with a 10/100 card so that the
  hosts are now
  directly connected.  The router interface is now a virtual
  interface, there
  is no physical interface.  Which is another question.  How does
  the 6509
  determine this virtual address?
 
  Am I correct?
  Inter VLAN communication cannot occur without a router.
  Switching is based on MAC address.
  Routing is based on IP address.
 
  I believe the term layer 3 routing is a marketing term, not
  scientific or
  engineering in nature.
 

Re: Core Layer L2 or L3 [7:63708]

2003-02-25 Thread Peter van Oene
At 11:05 AM 2/25/2003 +, Skarphedinsson Arni V. wrote:
In a Core-Distribution-Access Layer design, would you keep the Core L2 or
with high end L2/L3 switches such as the Cat6500 do you think it would be
better to do L3 in the core ?

I personally haven't found the need to have a Distribution layer in most 
networks.  It's a model designed by vendors to sell boxes imho.

Pete




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63714t=63708


Re: L3 Switching Huh???? [7:63728]

2003-02-25 Thread Peter van Oene
At 03:54 PM 2/25/2003 +, DeVoe, Charles (PKI) wrote:
I am under the impression that switching is a layer 2 function and that
routing is a layer 3 function.  I have seen several discussions talking
about layer 3 switching.  Could someone explain this to me?

Bridging is a layer two function, routing is a layer three 
function.  Switching is an ambiguous term and should be avoided in 
technical conversations.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63746t=63728


RE: Core Layer L2 or L3 [7:63708]

2003-02-25 Thread Peter van Oene
At 04:08 PM 2/25/2003 +, [EMAIL PROTECTED] wrote:
In a practical world it all comes down to your needs for your business and
the money you want to spend.  We use a collapsed core with 2 4006 with
Supervisor III's doing the layer 3 functions.  We could add a high
performance layer 2 switch for the core but it would be overkill.

I don't disagree, however merely suggest that the model was driven by a 
vendor interested in selling more devices.  Keep in mind you should also 
have a minimum of two devices per layer for resiliency ;-)

If you have a high performance core that can provide access aggregation, 
packet processing and performance all at the same time, and your port costs 
are comparable per mbps, I'm not sure why you'd buy a distribution layer 
other than to help a rep hit his number for the quarter.



-Original Message-
From: Peter van Oene [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 25, 2003 8:13 AM
To: [EMAIL PROTECTED]
Subject: Re: Core Layer L2 or L3 [7:63708]

At 11:05 AM 2/25/2003 +, Skarphedinsson Arni V. wrote:
 In a Core-Distribution-Access Layer design, would you keep the Core L2 or
 with high end L2/L3 switches such as the Cat6500 do you think it would be
 better to do L3 in the core ?

I personally haven't found the need to have a Distribution layer in most
networks.  It's a model designed by vendors to sell boxes imho.

Pete




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63782t=63708


Re: L3 Switching Huh???? [7:63728]

2003-02-25 Thread Peter van Oene
At 04:46 PM 2/25/2003 +, Robert Edmonds wrote:
Layer 3 switching combines the best of switching and routing in one
platform.  The main advantage here is speed.  The way it works is, in a
switch you have some kind of layer 3 routing engine (aka route processor, or
RP).  For example, the MSFC2 (Multilayer Switch Feature Card 2) is one of
the options available for the Cisco 6500 (and a couple of others, I think)
switches.  When the switch receives a packet bound for a different VLAN, it
sends it to the RP.  The RP makes the routing decision and puts an entry in
the route cache for the switch.  The first packet in a flow is routed and
the rest are switched at wire speed, hence the increase in speed.  That's
kind of a simplified view, but I think it gets the general idea across.  So,
layer 3 switching is both routing and switching, but faster (usually,
anyway).

One should keep in mind that many vendors including Cisco have been capable 
of doing per packet routing at wire speed for some time and thus this 
advantage is a legacy attribute.



DeVoe, Charles (PKI)  wrote in message
news:[EMAIL PROTECTED]
  I am under the impression that switching is a layer 2 function and that
  routing is a layer 3 function.  I have seen several discussions talking
  about layer 3 switching.  Could someone explain this to me?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63783t=63728
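
The "first packet routed, the rest switched" behaviour described in the message above, together with the Host A to Host B walk-through earlier in this thread, as a small simulation. This is an added example, not code from the thread or from any vendor: the addresses and shorthand MACs are the thread's own, while the class, the function names and the per-flow cache key are assumptions.

```python
import ipaddress

# Interfaces and hosts from the thread's example network. The two-digit MACs
# are the thread's shorthand, not real 48-bit addresses.
IFACES = {
    "A": {"net": ipaddress.ip_network("10.1.1.0/24"), "ip": "10.1.1.1", "mac": "01.AA"},
    "B": {"net": ipaddress.ip_network("10.1.2.0/24"), "ip": "10.1.2.1", "mac": "02.BB"},
}
ARP_TABLE = {
    "10.1.1.2": "00.AA", "10.1.2.2": "00.BB",   # Host A, Host B
    "10.1.1.1": "01.AA", "10.1.2.1": "02.BB",   # router interfaces
}


def host_send(src_ip, dst_ip, prefix, gateway, ttl=64):
    """Host side of the walk-through: an off-subnet destination is framed to
    the default gateway's MAC, while the IP header carries the real target."""
    local = ipaddress.ip_interface(f"{src_ip}/{prefix}").network
    arp_target = dst_ip if ipaddress.ip_address(dst_ip) in local else gateway
    return {"src_mac": ARP_TABLE[src_ip], "dst_mac": ARP_TABLE[arp_target],
            "src_ip": src_ip, "dst_ip": dst_ip, "ttl": ttl}


class RoutedHop:
    """A routing function with a per-flow rewrite cache in front of it."""

    def __init__(self, ifaces, arp):
        self.ifaces, self.arp = ifaces, arp
        self.flow_cache = {}              # (src_ip, dst_ip) -> rewrite entry
        self.slow_path = self.fast_path = 0

    def _route(self, dst_ip):
        """Longest-prefix match over the connected networks."""
        addr = ipaddress.ip_address(dst_ip)
        matches = [(i["net"].prefixlen, name)
                   for name, i in self.ifaces.items() if addr in i["net"]]
        if not matches:
            raise LookupError(f"no route to {dst_ip}")
        return max(matches)[1]

    def forward(self, frame):
        """Return the rewritten frame, or None if it is not routed here."""
        own_macs = {i["mac"] for i in self.ifaces.values()}
        if frame["dst_mac"] not in own_macs:
            return None                   # not for the router: bridging only
        if frame["ttl"] <= 1:
            return None                   # TTL would expire: dropped
        key = (frame["src_ip"], frame["dst_ip"])
        rewrite = self.flow_cache.get(key)
        if rewrite is None:
            # First packet of the flow: full route and ARP lookup.
            out_if = self._route(frame["dst_ip"])
            rewrite = {"out_if": out_if,
                       "src_mac": self.ifaces[out_if]["mac"],
                       "dst_mac": self.arp[frame["dst_ip"]]}
            self.flow_cache[key] = rewrite
            self.slow_path += 1
        else:
            # Later packets: apply the cached layer two rewrite only.
            self.fast_path += 1
        # IP source and destination are untouched; only MACs and TTL change.
        return {**frame, "src_mac": rewrite["src_mac"],
                "dst_mac": rewrite["dst_mac"], "ttl": frame["ttl"] - 1}


if __name__ == "__main__":
    hop = RoutedHop(IFACES, ARP_TABLE)
    ping = host_send("10.1.1.2", "10.1.2.2", 24, "10.1.1.1")
    print("from host A:", ping)
    print("after hop  :", hop.forward(ping))
    hop.forward(ping)
    print("slow/fast  :", hop.slow_path, hop.fast_path)
```

The rewritten frame is identical whether it took the lookup path or the cached path; only the amount of work per packet differs.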


RE: L3 Switching Huh???? [7:63728]

2003-02-25 Thread Peter van Oene
At 06:03 PM 2/25/2003 +, Ellis, Andrew wrote:
According to Cisco:

Layer 3 switching refers to a class of high-performance switch routers
optimized for the campus LAN or intranet, providing wirespeed Ethernet
routing and switching services.

Compared to other routers, Layer 3 switch routers process more packets
faster by using application-specific integrated circuit (ASIC) hardware
instead of microprocessor-based engines.

My own two cents: Wire speed routing if you will.

By that logic, a wire speed router is a layer three switch :-)  It's all 
marketing garbage if you ask me.   If you put a router inside a high 
performance switch, you have two devices sharing the same chassis, one 
bridging and one routing.

Drew


-Original Message-
From: DeVoe, Charles (PKI) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 25, 2003 10:55 AM
To: [EMAIL PROTECTED]
Subject: L3 Switching Huh [7:63728]


I am under the impression that switching is a layer 2 function and that
routing is a layer 3 function.  I have seen several discussions talking
about layer 3 switching.  Could someone explain this to me?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63785t=63728


Re: Core Layer L2 or L3 [7:63708]

2003-02-25 Thread Peter van Oene
At 11:17 PM 2/25/2003 +, you wrote:
Peter,

The current rumour for the Academy CCNP program is that Cisco is dropping
the 3 layer model and moving to a 2 layer model with L3 in the core for
the BCMS course.  I guess I'll find out for certain at Networkers in
Orlando, Fla. this June.

That would be very interesting.  I am always leery of vendor models as they 
tend to have the vendor foremost in their mind :-)  I always try and 
caution folks not to build hierarchy just to have it.  Naturally, your 15 
router OSPF network's visio diagram exudes a great deal more sharpness when 
it has a nice backbone and some number of non-backbone areas.  However, in 
reality, many networks -large and small- are served far better with non 
hierarchical topologies.   I am naturally digressing from the topic of 
three layer networks, but I think the message is the same.  As others have 
pointed out, don't give in to the desire to build really neat networks that 
use a lot of technology unless you actually have a need for them.  This to 
me would include building 3 layer networks where 2 layer ones would suffice 
(and be cheaper in both CAPEX and OPEX)

Just my .02c as I sit here snowed-in in Arkansas of all places :-)  Who 
would think I'd fly from Toronto to Little Rock and end up stuck in more 
snow than I left!

Pete


Prof. Tom Lisa, CCAI
Community College of Southern Nevada
Cisco ATC/Regional Networking Academy
Cunctando restituit rem

Peter van Oene wrote:

   At 11:05 AM 2/25/2003 +, Skarphedinsson Arni V. wrote:
   In a Core-Distribution-Access Layer design, would you keep the Core
   L2 or
   with high end L2/L3 switches such as the Cat6500 do you think it
   would be
   better to do L3 in the core ?

   I personally haven't found the need to have a Distribution layer in
   most
   networks.  It's a model designed by vendors to sell boxes imho.

   Pete
   [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63816t=63708


Re: Layer3 Routers VS Switches [7:63072]

2003-02-15 Thread Peter van Oene
At 12:22 PM 2/15/2003 +, Juntao wrote:
indeed with L3 switching, we can more closely arrive at wire speed, but in
the course of my practice, I've seen L3 switches mainly interconnecting LANs,
yes a flexwan module exists to interconnect WANs on the same box but usually
we like to separate the LANs from WANs for the sake of isolation and
greater security implementation options.

Routers have delivered OC-192 wire speed routing for a few years now.  I 
personally don't know what an L3 switch is technically.  It reminds me of 
the L2 switch.  Just another bit of marketing.


i hope the above helps

Larry Letterman wrote in message news:
[EMAIL PROTECTED]
  L3 is usually considered to be wire speed and uses faster
  asics...
  Routers such as 7200/7500 use older slower hardware to
  route...
 
 
 
  Larry Letterman
  Network Engineer
  Cisco Systems
 
 
  - Original Message -
  From: Nanda
  To:
  Sent: Friday, February 14, 2003 4:46 PM
  Subject: Layer3 Routers VS Switches [7:63072]
 
 
   Hi Guys...
  
   We have Layer3 Switches and routers...In what scenario one
  would ideally use
   Layer3 switches over routers..
   Do They have any significant advantage over using
  routers
   Why do they have layer3 switches when we have routers are
  good enough to do
   the job...
   I am confused...I wud appreciate if someone cud clarify.
  
   Thanks in Advance
   __
   With Warm Regards...
   Nanda
  [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63108t=63072



Re: Myers Briggs Re: OT: New Instructor Experiences [7:62826]

2003-02-13 Thread Peter van Oene
 There's more about the Myers Briggs personality sorter here:
 
 http://keirsey.com/
 
 Anyone else want to share what they are, or have we wasted enough
bandwidth
 on this already? :-)
 
 Priscilla
 

First, you're correct about the mix of learning styles in my class.
This is just a three-hour overview of networking and TCP/IP, and it is a
little difficult to convey the necessary information without a portion
of the class getting lost or falling asleep.  :-)  I've heard good
things about the class yesterday that I thought went so poorly so
perhaps I was overreacting.

As for Myers Briggs, I'm a fellow INTJ.  However, I really dislike
their testing process.  It seems to consist of "Given a certain
situation would you do A or would you do B" with no room for a 'maybe'
answer.  At least a third of the time I wish there were a "sometimes A
and sometimes B" answer.  Perhaps that means I'm an INTJ with definite
ISTJ leanings?

John

ENTP here :)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62960t=62826



Re: BGP config question. [7:62860]

2003-02-12 Thread Peter van Oene
At 01:36 PM 2/12/2003 +, Peter Walker wrote:
Folks

A quick question on external BGP connection configuration.

Given an organisation (ORG) with 2 EBGP routers (up1, up2) and two upstream
providers (pr1, and pr2) where provider pr1 is currently linked to the
router up1 via a serial link and provider pr2 is currently linked to router
up2 via a traffic shaped and limited ethernet link. ORG does not allow
transit between the providers.

Is there any reason why ORG should not

 a) connect pr1 to the same ethernet segment
 b) form bgp neighbor relationship with BGP peer at provider pr2
 c) advertise appropriate MED values requesting that pr2 prefer up2
 d) set local preference to prefer link via up2 to pr2 over up1 to
pr2


I'm not sure if you are messing up your prs and ups here, but I'm not 
following you entirely. Why would you not just peer both routers and use 
prepend/med and pref to control load like most folks do? Maybe explaining 
what is better or different about this approach would help explain what the 
approach is :)

Pete





What I am looking for is technical (or business/political) reasons why this
is a good or bad idea.

I understand that all this would give is redundancy at the router level
(up1, up2), the ethernet link and pr2's router are all still potential
single points of failure. I also understand that pr2 may not wish to allow
such a configuration.

Also, what would need to be done to ensure that any changes made would not
have any impact on decisions regarding the routing choice between pr1 and
pr2?

Regards

 Peter




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62864t=62860



Re: BGP config question. [7:62860]

2003-02-12 Thread Peter van Oene
At 03:59 PM 2/12/2003 +, Peter Walker wrote:
Yep you are right.

Let's try that again ...

a) connect up1 to the same ethernet segment
b) form bgp neighbor relationship with BGP peer at provider pr2
c) advertise appropriate MED values requesting that pr2 prefer
 up2
 d) set local preference to prefer link via up2 to pr2 over
 up1 to pr2

In terms of what I am asking is, are there any issues with having two 
'redundant' bgp links from two different routers in one AS over a single 
multi-access link to a single router in another AS.

So basically you have two routers and both r1 and r2 connect to the same 
router on the provider side while r1 also maintains a connection to another 
router on the provider side.   In this case, you don't really buy yourself 
much other than router redundancy on your side.  The cost is purely in 
control traffic that will transit the ethernet link.  BGP isn't that chatty 
unless peering sessions are flapping (which would be abnormal) so this 
shouldn't be a big problem.  Only other cost would be additional config 
complexity which might impede troubleshooting.  Beyond that, things should 
work fine as long as the provider agrees to set it up.

Pete




It seems to me that this would be a simple no-brainer type of change to 
make, but I just have a nagging suspicion that there is some gotcha 
waiting to jump out when you least expect it. None of the sample 
configurations I have seen seem to mention this sort of config and I was 
wondering if there was some reason why it shouldn't be done, or if it was 
just one of those obscure variations of common configurations that did not 
warrant its own explicit mention.

Peter

--On 12 February 2003 14:27 + Peter van Oene  wrote:

At 01:36 PM 2/12/2003 +, Peter Walker wrote:
Folks

A quick question on external BGP connection configuration.

Given an organisation (ORG) with 2 EBGP routers (up1, up2) and two
upstream providers (pr1, and pr2) where provider pr1 is currently linked
to the router up1 via a serial link and provider pr2 is currently linked
to router up2 via a traffic shaped and limited ethernet link. ORG
does not allow transit between the providers.

Is there any reason why ORG should not

 a) connect pr1 to the same ethernet segment
 b) form bgp neighbor relationship with BGP peer at provider pr2
 c) advertise appropriate MED values requesting that pr2 prefer
 up2 d) set local preference to prefer link via up2 to pr2 over
 up1 to
pr2


I'm not sure if you are messing up your prs and ups here, but I'm not
following you entirely. Why would you not just peer both routers and use
prepend/med and pref to control load like most folks do? Maybe explaining
what is better or different about this approach would help explain what
the  approach is :)

Pete





What I am looking for is technical (or business/political) reasons why
this is a good or bad idea.

I understand that all this would give is redundancy at the router level
(up1, up2), the ethernet link and pr2's router are all still potential
single points of failure. I also understand that pr2 may not wish to
allow such a configuration.

Also, what would need to be done to ensure that any changes made would
not have any impact on decisions regarding the routing choice between
pr1 and pr2?

Regards

 Peter




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62878t=62860



Re: Catalyst 6500 vs 7200 VXR [7:62892]

2003-02-12 Thread Peter van Oene
At 06:37 PM 2/12/2003 +, Brett Johnson wrote:
What benefits can a Catalyst 6500 switch provide that a 7200 router cannot?
Are the FLEXWAN modules a reliable product or is it better to separate your
WAN traffic devices from your LAN devices?  What about the performance of the
FLEXWAN modules?  I am just trying to understand if money is no object why
would someone buy a 7200 router over a Catalyst 6500 with FLEXWAN modules.
Thank you, sorry if this is too vague.

I personally would recommend separating L2 switching from routing 
myself.  Purpose built platforms tend to have optimal cost efficiencies and 
stable software.   Nice, fast, cheap L2 switching to the desktop tapped 
into a decent routed backbone sounds ideal to me.  Small broadcast domains 
are quite helpful as well, unless you are a big fan of Sapping Tree.



Brett




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62906t=62892
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Simple Ip issue (need help) [7:62728]

2003-02-10 Thread Peter van Oene
At 06:18 PM 2/10/2003 +, Priscilla Oppenheimer wrote:
You can't have duplicate IP addresses anywhere. They have to be unique. The
only exceptions would be if you were doing some sort of NAT or tunneling or
something and the duplicates were hidden from each other.

You don't get an error when you try to configure it because it's a lot
harder for IOS to detect this on a serial interface than on an Ethernet
interface. On Ethernet, a Cisco router ARPs for the address you give it. If
it receives a reply, then it gives you an error and won't let you use the
address. There's no ARP in serial land.

You think you're pinging successfully, but how do you know who is really
replying?

Even if you could assign duplicate IP addresses, you shouldn't. You would
wreak havoc with all sorts of things. There's no reason to do it either. If
you're concerned with running out of addresses, just use private address.
The 10.0.0.0 network has 16 million possibilities.

For what it's worth, duplicating the same IP across a set of DNS servers in 
the same AS can provide an interesting spin on resiliency, so long as you 
configure unique IPs for normal communication.  This sort of thing works 
well for protocols that are stateless (UDP DNS).

Anycast-RP in PIM networks also uses the same IP on multiple boxes :-)

Someone had to get blunt here! :-)

Someone had to split some hair !



___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com




Ladrach, Daniel E. wrote:
 
  If you ping you are probably pinging the Local IP. Try debug ip icmp to
  verify what you are pinging.
 
  Daniel Ladrach
  CCNP, CCNA
  WorldCom
 
 
 
  -Original Message-
  From: Monu Sekhon [mailto:[EMAIL PROTECTED]]
  Sent: Monday, February 10, 2003 12:03 PM
  To: [EMAIL PROTECTED]
  Subject: RE: Simple Ip issue (need help) [7:62728]
 
 
  Hi All,
  Thanx again for all for contribution
  confusion still there,
  I am pinging remote side and I am able to.
  any comments from all (still confused with answers)
 
  Walker, James - Is wrote:
  
   Only problem is which side are you pinging
  
  
  
  
   -Original Message-
   From: John Murphy [mailto:[EMAIL PROTECTED]]
   Sent: Monday, February 10, 2003 11:15 AM
   To: [EMAIL PROTECTED]
   Subject: Re: Simple Ip issue (need help) [7:62728]
  
  
   If you're asking what I think you're asking, then I think your answer is
   yes, but you won't be able to pass any traffic across the circuit.  Unless
   you've confused me (it doesn't seem I would be the only one), then the
   answer might not be the same.
  
  
   - Original Message -
   From: Monu Sekhon
   To:
   Sent: Monday, February 10, 2003 12:13 AM
   Subject: Simple Ip issue (need help) [7:62728]
  
  
Hi All,
I have very simple question, Can we use duplicate ips on serial interfaces
among themselves although we cannot use duplicate ip on serial with
Ethernet (lan interface) or loopback interface.

My topology is like this

Client router      server router (connected back to back)
  2 interfaces       2 interfaces

these routers connected back to back

configuration
int serial 0/0
encap hdlc
ip address 1.1.1.1 255.255.255.0

int serial 0/1
ip address 1.1.1.1 255.255.255.0
encap hdlc

now if all the two interfaces of serial even if given duplicate ip among
themselves works fine. no error from cli. interfaces are up
and i am able to ping remote side.

The question is that

1) Lan interface also was in different subnet but serial interface
does not accept that ips as duplicate or of loopback

2) What Implication such have on my design, any limitation it has

Does this type of design can be used,

This is small thing is confusing me about ip.

Thanx in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62780t=62728
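
The thread above reports that IOS accepted the same address on two serial interfaces without an error, so a check outside the router is useful. The following is an added example, not part of any poster's message: a Python audit of a saved running-config for duplicate interface addresses. It also flags overlapping subnets, which goes beyond the case in the thread; the sample config is constructed from the poster's two serial interfaces plus hypothetical extra interfaces, and the function names are this example's own.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in running-config layout: Serial0/0 and Serial0/1 mirror
# the addresses in the post; the other interfaces are hypothetical.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 ip address 10.0.0.1 255.255.255.0
!
interface Serial0/0
 encapsulation hdlc
 ip address 1.1.1.1 255.255.255.0
!
interface Serial0/1
 ip address 1.1.1.1 255.255.255.0
 encapsulation hdlc
!
interface Serial0/2
 ip address 1.1.1.129 255.255.255.128
!
interface Serial0/3
 no ip address
 shutdown
"""

INTERFACE_RE = re.compile(r"^interface\s+(\S+)", re.IGNORECASE)
ADDRESS_RE = re.compile(
    r"^\s+ip address\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)(\s+secondary)?\s*$",
    re.IGNORECASE,
)


def parse_interface_addresses(config_text):
    """Return [(interface_name, IPv4Interface)] for every configured address."""
    entries = []
    current = None
    for line in config_text.splitlines():
        match = INTERFACE_RE.match(line)
        if match:
            current = match.group(1)
            continue
        if line and not line[0].isspace():
            current = None  # '!' or a global command ends the interface block
            continue
        match = ADDRESS_RE.match(line)
        if match and current:
            address = ipaddress.IPv4Interface(f"{match.group(1)}/{match.group(2)}")
            entries.append((current, address))
    return entries


def find_conflicts(entries):
    """Report identical addresses and overlapping subnets on different interfaces."""
    findings = []
    by_ip = defaultdict(list)
    for name, iface in entries:
        by_ip[iface.ip].append(name)
    for ip, names in sorted(by_ip.items()):
        if len(names) > 1:
            findings.append(("duplicate-address", str(ip), tuple(names)))
    for index, (name_a, a) in enumerate(entries):
        for name_b, b in entries[index + 1:]:
            # Same-address pairs are already reported above; secondaries on
            # one interface are not a cross-interface conflict.
            if name_a != name_b and a.ip != b.ip and a.network.overlaps(b.network):
                findings.append(
                    ("overlapping-subnet", f"{a.network} / {b.network}", (name_a, name_b))
                )
    return findings


if __name__ == "__main__":
    for kind, detail, interfaces in find_conflicts(parse_interface_addresses(SAMPLE_CONFIG)):
        print(f"{kind}: {detail} on {', '.join(interfaces)}")
```
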



RE: Simple Ip issue (need help) [7:62728]

2003-02-10 Thread Peter van Oene
At 01:20 AM 2/11/2003 +, Priscilla Oppenheimer wrote:
No problem with the splitting of hairs. :-)

I have been wondering why Cisco lets you do what the original poster is
doing, which most of us misunderstood. He is using the same IP address on 2
serial interfaces on the SAME router.

Sonet APS comes to mind?  I usually use a /29 with 4 addresses, but you 
could use the same address.

If you try to use the same IP address on two Ethernet interfaces, you just
get an error when you try to configure the second Ethernet interface.

I can't think of a practical use for this myself.

With two serial interfaces, you don't get an error. Is this just an
oversight? There are many such oversights in Cisco IOS. :-) Or maybe there
is a real reason to do it.

The more I think about it (over the last two paragraphs of your msg) the 
more APS seems the likely candidate. If you couldn't, this would be 
restrictive in some cases.  Of course I'm thinking APS capable interfaces.

I said in my original message that there's no ARP on serial interfaces so
the router can't easily figure out if anyone else is using its address like
it does on Ethernet. On Ethernet the router can send an ARP to see if
someone else replies. But that's someone else on the LAN connected to the
interface, not another interface on the same router.

So, if it gives you an error on Ethernet when you use an address you have
already used on another Ethernet interface, why doesn't it give you an error
for serial interfaces? Maybe there's an actual technical reason, although
probably it's just an oversight.

By the way, it lets you configure an Ethernet interface to use an address
already in use on a serial interface, but if you try to do it in the other
order then you get an error. That's probably just another oversight.

Would agree here.  Might be something to do with internal mechanisms to map 
macs to IPs.  Ie, if an interface is added, check the mac/ip binding list 
for duplicates and error if there is one.  Such a mechanism wouldn't be 
relevant in SONET and for the APS reasoning, it may be expected that some 
interfaces share the same address.

Cisco has always given you enough rope to hang yourself. Decent error
messages have never been any more important than ease-of-use. :-)

Priscilla

Peter van Oene wrote:
 
  At 06:18 PM 2/10/2003 +, Priscilla Oppenheimer wrote:
  You can't have duplicate IP addresses anywhere. They have to
  be unique. The
  only exceptions would be if you were doing some sort of NAT or
  tunneling or
  something and the duplicates were hidden from each other.
  
  You don't get an error when you try to configure it because
  it's a lot
  harder for IOS to detect this on a serial interface than on an
  Ethernet
  interface. On Ethernet, a Cisco router ARPs for the address
  you give it. If
  it receives a reply, then it gives you an error and won't let
  you use the
  address. There's no ARP in serial land.
  
  You think you're pinging successfully, but how do you know who
  is really
  replying?
  
  Even if you could assign duplicate IP addresses, you
  shouldn't. You would
  wreak havoc with all sorts of things. There's no reason to do
  it either. If
  you're concerned with running out of addresses, just use
  private address.
  The 10.0.0.0 network has 16 million possibilities.
 
  For what it's worth, duplicating the same IP across a set of
  DNS servers in
  the same AS can provide an interesting spin on resiliency.  So
  long as you
  configure unique IP's for normal communication.  This sort of
  thing works
  good for protocols that are stateless (UDP DNS)
 
  Anycast-RP in PIM networks also uses the same IP on multiple
  boxes :-)
 
  Someone had to get blunt here! :-)
 
  Someone had to split some hair !
 
 
 
  ___
  
  Priscilla Oppenheimer
  www.troubleshootingnetworks.com
  www.priscilla.com
  
  
  
  
  Ladrach, Daniel E. wrote:
   
If you ping you are probably pinging the Local IP.Try debug
  ip
icmp to
verify what you are pinging.
   
Daniel Ladrach
CCNP, CCNA
WorldCom
   
   
   
-Original Message-
From: Monu Sekhon [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 10, 2003 12:03 PM
To: [EMAIL PROTECTED]
Subject: RE: Simple Ip issue (need help) [7:62728]
   
   
Hi All,
Thanx again for all for contribution
confusion still there ,
I am pinging remote side and I am able too.
any comments from all(still confused with answers)
   
Walker, James - Is wrote:

 Only problem is which side are you pinging




 -Original Message-
 From: John Murphy [mailto:[EMAIL PROTECTED]]
 Sent: Monday, February 10, 2003 11:15 AM
 To: [EMAIL PROTECTED]
 Subject: Re: Simple Ip issue (need help) [7:62728]


 If you're asking what I think you're asking, then I think
  your
 answer is
 yes, but you won't be able to pass any traffic across

Re: BGP exam study recommendations [7:62784]

2003-02-10 Thread Peter van Oene
At 11:40 PM 2/10/2003 +, Peter Walker wrote:
Folks

I am wondering if anyone has any recommendations for BGP study. I am
booked in for the BGP beta exam on Friday and still don't feel
comfortable with my level of BGP knowledge.  I have read the following
over the last few months

 Halabi - Internet Routing Architectures.
 Doyle Vol 2 (BGP sections)
 John Stewart III (BGP4 book)
 William Parkhurst (The RFC stuff at the back
 and some of the command reference)

I am going to go back and reread some of Halabi, all of the Parkhurst
command reference chapters and probably some of the RFCs.

Does anyone have any additional 'must-read' references that I should
look at before Friday? I realise that I have all the basic info that I
need and, to be honest, feel that I could pass the test already. However
I am one of those people that want to understand things at the
gut/instinct level and I really don't feel that I am at that point yet.

If you read all this stuff and still don't understand BGP the way you would 
like to, more books likely aren't what you need.  I would focus more on 
hands-on work.  Many folks learn better by doing than reading (me for one 
:).  If you are a Certificationzone subscriber, Howard Berkowitz has a 
three-tutorial set on BGP that comes with some labs to help illustrate 
points which might help.  But I'm sure just working through some configs on 
a lab while following along with your reading material might be the best bet.

Pete


Any other suggestions?

Peter Walker
 CISSP, CSS1, CC[NID]P, etc




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62788t=62784



Re: Distribute-list out in ISIS - NOT working!!....Why?? [7:62643]

2003-02-07 Thread Peter van Oene
At 03:46 PM 2/7/2003 +, Cisco Nuts wrote:
Hello,

I am trying to use a distribute-list out serial 1 in isis...basically
blocking an Ospf route from being leaked into the Isis domain. It lets me
type in the commands but when I do a show run, the commands are not there!!
Why??

On the neighboring isis router, I do not even get an option to set the
distribute-list in??

Now I know, in Ospf the distribute-list out does not work but did not know
about this in Isis?

Can anyone shed light on this? I had to use a redistribute connected with a
route-map option.

Here is my config:

R3-B(config)#router isis

You can't filter individual networks on an interface basis in a link state 
protocol.  You can only filter them as they are generated, or more 
specifically identified for population in LSA/LSPs.  Once in the LSA/LSP, 
they flood naturally.


R3-B(config-router)#distribute-list 51 out serial 1
R3-B(config-router)#end
R3-B#rbr
router isis
  redistribute connected metric 3 route-map serial level-1
  redistribute rip metric 3 level-1
  net 00...0003.00
  is-type level-1

Thank you.
Sincerely,
CN







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62643t=62643



OT: Reminder about Out of Office Messages [7:62645]

2003-02-07 Thread Peter van Oene
When you leave work for a while, can you please try and make sure that your 
out of office assistant doesn't respond to mailing lists :)  This generates 
a lot of superfluous mail.

Thanks and sorry for the OT post.

Pete




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62645t=62645



Re: question(routing) [7:62490]

2003-02-05 Thread Peter van Oene
At 08:02 AM 2/5/2003 +, kaushalender wrote:
Hello group,

Kindly resolve my confusion. I have cisco 2610 router. We are running
static routing with our service provider. Now what is happening that
suddenly my http request stopped going out means there was no browsing on
lan and customer I was able to telnet every website on port 80 that
means i able to reach website till application layer from my pc. Now how
can i find out what is killing my http request in my network. and my
service provider is saying that from my side huge amount of routing
loops is coming but i have put whole announced network on ethernet. This
is the conf. Plz help me

If you had routing loops, everything would be broken, not just http.  Try 
traceroutes from a site like route-views.oregon-ix.net into your network 
and likewise outbound to prove out your routing config.  Beyond that, look 
at things that are impacting performance and layer 4 and above.

Also, ask your ISP to clarify what they mean by loops.  Given you run 
statically to them, I'm not sure what they mean.



sh run
  Building configuration...
  
  Current configuration : 4962 bytes
  !
  version 12.2
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  !
  hostname Rainbow
  !
  logging buffered 1 debugging
  no logging console
  aaa new-model
  aaa authentication login default local group radius
  aaa authorization exec default local group radius
  enable secret 5 $1$WyvH$D/U2xWxcDfbROyR7PtGXS1
  enable password 7 000D0016457B525F56
  !
  username rainbow password 7 095E4F0017071805
  
  clock timezone GMT 5
  clock summer-time GMT recurring
  ip subnet-zero
  no ip source-route
  ip wccp version 1
  ip flow-cache timeout inactive 300
  ip flow-cache timeout active 1
  ip cef
  !
  !
  ip name-server 202.78.168.6
  ip name-server 202.78.168.14
  
  ip name-server 202.54.15.1
  !
  !
  class-map match-any http-hacks
match protocol http url *.ida*
match protocol http url *cmd.exe*
match protocol http url *root.exe*
match protocol http url *readme.eml*
  !
  !
  policy-map mark-inbound-http-hacks
class http-hacks
 set ip dscp 1
  !
  
  !
  interface Ethernet0/0
   ip address 202.78.164.3 255.255.252.0 secondary
   ip address 202.54.194.65 255.255.255.224 secondary
   ip address 202.78.168.26 255.255.248.0
   ip access-group 115 in
   ip access-group 115 out
   no ip proxy-arp
   rate-limit input access-group 121 48000 52000 52000 conform-action transmit exceed-action drop
   rate-limit input access-group 122 32000 32000 32000 conform-action transmit exceed-action drop
   rate-limit output access-group 110 64000 64000 64000 conform-action transmit exceed-action drop
   rate-limit output access-group 121 296000 30 30 conform-action transmit exceed-action drop
   rate-limit output access-group 122 32000 32000 32000 conform-action transmit exceed-action drop
   no ip mroute-cache
   full-duplex
   service-policy input mark-inbound-http-hacks
  service-policy output mark-inbound-http-hacks
   no cdp enable
  interface Serial0/0
   bandwidth 512
   no ip address
   no ip mroute-cache
   shutdown
   no fair-queue
  !
  interface Serial0/1
   bandwidth 512
   no ip address
   no ip route-cache
   no ip mroute-cache
   shutdown
  !
  interface Serial0/2
   no ip address
   shutdown
  !
  interface Serial0/3
   description OASIS LINK
  ip address 216.252.243.5 255.255.255.252
   ip access-group 107 in
   ip access-group 107 out
   rate-limit input 64000 128000 128000 conform-action transmit exceed-action drop
   rate-limit output 64000 128000 128000 conform-action transmit exceed-action drop
   encapsulation ppp
  !
  interface Serial1/0
   description Shapura Link
   ip address 216.252.243.1 255.255.255.252
   ip access-group 107 in
   ip access-group 107 out
   rate-limit input 32000 32768 32768 conform-action transmit exceed-action drop
  
  interface Serial1/1
   description DOIT LINK
   bandwidth 128
   ip address 216.252.243.17 255.255.255.252
   rate-limit input 32000 65536 65536 conform-action transmit exceed-action drop
   rate-limit output 32000 65536 65536 conform-action transmit exceed-action drop
   encapsulation ppp
   service-policy input mark-inbound-http-hacks
   service-policy output mark-inbound-http-hacks
  !
  interface Serial1/2
   no ip address
   shutdown
  !
  interface Serial1/3
   description vsnl link
   ip address 202.54.192.66 255.255.255.252
   ip access-group 115 in
   ip access-group 115 out
   encapsulation ppp
   service-policy input mark-inbound-http-hacks
   service-policy output mark-inbound-http-hacks
  !
  ip flow-export source Ethernet0/0
  ip flow-export version 5 peer-as
  ip flow-export destination 202.78.168.2 2055
  ip classless
  ip route 0.0.0.0 0.0.0.0 202.54.192.65
  ip route 202.78.160.0 255.255.252.0 203.129.200.193
  ip route 202.78.167.0 255.255.255.240 202.78.164.2
  ip 

Re: 7500 Router CPU rocketing to 90% [7:62530]

2003-02-05 Thread Peter van Oene
At 07:18 PM 2/5/2003 +, Mohsin Hussain wrote:
We have 2 7500 routers with CIPs installed. Recently the router started to
have its CPU shooting up to 90%. When show process cpu is run. It does not
show what process is causing this because none of the processes are or add
up to 80 or 90%. Only two processes: IP input at 10% and cls background at
14%. The rest of the processes are at 0 or 0.1%.

I would call the TAC on this.

Are there hidden processes that could be cause of the high cpu utilization?
If so how can it be seen (i.e. any show commands)?

Thanks,

Mohsin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62535t=62530



Re: Wrong definition type 4 summary LSA for ASBRs [7:61615]

2003-01-25 Thread Peter van Oene
The AS external ASBR summary link- This LSA is sent to a router that
connects
to the outside world (ASBR). It is sent from the Area Border Router to the
Autonomous System Boundary Router. The LSA contains the metric cost from the
ABR to the ASBR. This is identified as a Type 4 LSA.

In my opinion this is wrong, isn't it? Or maybe I'm missing something?

The problem is, it is quite easy to get a contract for book writing these 
days.  Furthermore, many publishers (not picking on any one in particular) 
are bringing books to market before a proper editing (technical/copy/etc) 
process has been completed.  Hence, I highly recommend you buy books that 
are either highly recommended, or written by authors who are either 
authoritative on the subject (ie participated in the spec development) or 
those that have a reputation for writing quality materials.  There is 
unfortunately a fair amount of not very top notch books out there.

Pete


My understanding is that a type 4 summary LSA is originated by ABRs. It is
sent into an area by the ABR to advertise the AS boundary routers.

Could someone confirm my understanding?

Eric Brouwers




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61847t=61615



Re: OSPF to Internet Q [7:61823]

2003-01-25 Thread Peter van Oene
Why not just push default into your OSPF network from a router(s) with a 
direct link to your firewall.  Then your firewall simply points default to 
the BGP speaking router (or uses vrrp or some igp for resilient routing in 
the case of multiple routers)

Running BGP through your firewall, or redistributing from BGP to OSPF or 
vice versa don't sound like great ideas to me.

I am likewise somewhat confused by the question however :-)  You might be 
better off presenting the topology and asking for routing protocol 
recommendations.

Pete



At 06:29 PM 1/25/2003 +, Steve Ringley wrote:
That is why I am asking the question - it is unclear!  Let me try it this
way:

If we take the textbook Internet setup, we would have an

outside router - BGP
firewall
inside router - OSPF ASBR to BGP
core router - OSPF backbone

On the inside router, would I create an ASBR with area 0 defined on the
inside to core connection

or

Would I create an new OSPF area to define the connection between the inside
router and the core router?


There are several of these types of connections in the larger network, and
there is an expectation that if one of these goes down the OSPF and BGP will
figure it out and shift traffic to the working connections.

Priscilla Oppenheimer wrote in message
news:[EMAIL PROTECTED]...
I'm afraid your question isn't clear.

By definition, an ASBR connects two unlike networks, one that is running
OSPF and one that isn't. So, the ASBR will connect to the Internet in your
example.

Steve Ringley wrote:
 
  I have an OSPF network, and I have my Internet connections.  Do
  I:
 
  ASBR where traffic goes from area 0 to the Internet

Is that where your Internet connection is? In area 0? Often, it is, and
that's where your ASBR will be.

 
  or
 
  ASBR where traffic goes to an area x then to the Internet?

Goes from where to an Area x and then to the Internet?? This is where your
question gets unclear. But if you are considering putting an ASBR between
Area x and Area 0, then that doesn't make sense. It's not an ASBR because
it's connecting two OSPF networks. If your Internet connection is in Area X,
you will have an ASBR that connects the OSPF world to the Internet, sitting
on the edge of Area X.

Are you asking if the ASBR should be in Area 0? I think the answer is yes,
if it can, but sometimes that's simply not possible on large internetworks
with multiple egress points.

If I completely missed what you're getting at, sorry!

Priscilla


 
  This was never clear to me from my reading.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61862t=61823



Re: CCIE written RS [7:60606]

2003-01-09 Thread Peter van Oene
At 02:57 PM 1/8/2003 +, you wrote:
Hi to all,

I wanted to know if there are any type-in questions (type the command in) on
the CCIE written, for RS.

Answering that would violate the NDA in my opinion.  If there are, you'll 
certainly be prepared on your second attempt should they cause you not to 
pass the first :-)


Thanks

Kash







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60702t=60606



Re: OSPF state [7:60572]

2003-01-09 Thread Peter van Oene
  Routers on a multi-access segment where a DR and BDR exist may be
  neighbors, but not form an adjacency.  All the non DR/BDR routers will not
  become adjacent with one another, however they will still be neighbors.
 
  I think you knew this already though :)


OK. kinda like in my neighborhood where all of us live on the same block,
but most of us don't talk to each other?  ;-

Are you sure it's not just you they don't talk to?  It could be that you 
haven't come out of your house after hours in 2 years as you chase your 
number :-)





 
  Pete
 
 
 
   
JMcL
   
The Long and Winding Road wrote:

 John Brandis wrote in message
 news:[EMAIL PROTECTED]...
  Hi All,
 
  can you tell I am having fun with OSPF ??
  Any way, I am playing with OSPF on different network types. I wish to see if
  i have a full adjacency or if I have only achieved a neighbor state on
  certain types of networks. Where, can I find what state I am currently in,
  and what router is the DR/BDR. At moment, I am on point-point link and I am
  expecting not to see any election of DR/BDR.


 show ip ospf neighbor
 show ip ospf neighbor detail

 can add ip addresses in there to see just a single neighbor.

 I'm a bit confused, though, by what you mean when you say neighbor state
 versus adjacency If you don't have adjacency, you don't have anything. (
 don't got adjacency, you don't got s**t, as they say in the hood )




 
  Thanks all.
 
  jb
 
 
 





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60703t=60572



Re: OSPF state [7:60572]

2003-01-08 Thread Peter van Oene
At 06:24 PM 1/8/2003 +, The Long and Winding Road wrote:
Jenny McLeod wrote in message
news:[EMAIL PROTECTED]...
  As well as show ip ospf neighbour suggested below, show ip ospf int is
  worth looking at.
 
  TLaWR, I think you've had a brain fade.  Routers can be neighbours but not
  adjacent.  But you knew that?


Is this one of those tree falling in the forest questions? I personally
don't consider that two OSPF routers can have a neighbor relationship
without being adjacent. Call me one of those retentive types.

I am always willing to learn. So how would two OSPF routers be neighbors if
they are not adjacent? I appreciate they can be on the same link, just like
my own neighbors live on the same street. That doesn't mean there is a
relationship.

Routers on a multi-access segment where a DR and BDR exist may be 
neighbors, but not form an adjacency.  All the non DR/BDR routers will not 
become adjacent with one another, however they will still be neighbors.

I think you knew this already though :)

Pete



 
  JMcL
 
  The Long and Winding Road wrote:
  
   John Brandis wrote in message
   news:[EMAIL PROTECTED]...
Hi All,
   
can you tell I am having fun with OSPF ??
Any way, I am playing with OSPF on different network types. I wish to see if
i have a full adjacency or if I have only achieved a neighbor state on
certain types of networks. Where, can I find what state I am currently in,
and what router is the DR/BDR. At moment, I am on point-point link and I am
expecting not to see any election of DR/BDR.
  
  
   show ip ospf neighbor
   show ip ospf neighbor detail
  
   can add ip addresses in there to see just a single neighbor.
  
   I'm a bit confused, though, by what you mean when you say neighbor state
   versus adjacency If you don't have adjacency, you don't have anything. (
   don't got adjacency, you don't got s**t, as they say in the hood )
  
  
  
  
   
Thanks all.
   
jb
   
   
   




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60629t=60572
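
The neighbor-versus-adjacency distinction made in the reply above, as an added example that is not part of any poster's message: a Python model of one broadcast segment that elects a DR and BDR and then reports which neighbor pairs reach Full and which stay at 2-Way. It assumes every router has already seen every other router's Hellos and that all routers start together with none already claiming a role, so the election reduces to highest priority, then highest router ID; the router IDs and priorities are constructed.

```python
from itertools import combinations

# Constructed sample segment: router ID -> OSPF interface priority.
SEGMENT = {
    "10.0.0.1": 1,
    "10.0.0.2": 1,
    "10.0.0.3": 100,
    "10.0.0.4": 0,   # priority 0: never eligible to be DR or BDR
    "10.0.0.5": 1,
}


def _rid_key(router_id):
    """Compare router IDs numerically, octet by octet."""
    return tuple(int(octet) for octet in router_id.split("."))


def elect_dr_bdr(routers):
    """Return (dr, bdr) for a segment where all routers come up together.

    Simplification (assumption of this example): nobody is already DR or BDR,
    so the best (priority, router ID) becomes DR and the next best becomes BDR.
    """
    eligible = sorted(
        (rid for rid, priority in routers.items() if priority > 0),
        key=lambda rid: (routers[rid], _rid_key(rid)),
        reverse=True,
    )
    dr = eligible[0] if eligible else None
    bdr = eligible[1] if len(eligible) > 1 else None
    return dr, bdr


def neighbor_states(routers):
    """Map each neighbor pair to the state it settles in on this segment."""
    dr, bdr = elect_dr_bdr(routers)
    designated = {rid for rid in (dr, bdr) if rid is not None}
    states = {}
    for a, b in combinations(sorted(routers, key=_rid_key), 2):
        # A pair becomes fully adjacent only if one end is the DR or BDR;
        # two DROTHERs remain neighbors at 2-Way.
        states[(a, b)] = "FULL" if designated & {a, b} else "2-WAY"
    return states


def summarize(routers):
    """Count neighbor pairs against full adjacencies."""
    states = neighbor_states(routers)
    full = sum(1 for state in states.values() if state == "FULL")
    return {
        "neighbor_pairs": len(states),
        "full_adjacencies": full,
        "two_way_only": len(states) - full,
    }


if __name__ == "__main__":
    dr, bdr = elect_dr_bdr(SEGMENT)
    print(f"DR={dr} BDR={bdr}")
    for (a, b), state in neighbor_states(SEGMENT).items():
        print(f"{a} <-> {b}: {state}")
    print(summarize(SEGMENT))
```

With n routers and both a DR and a BDR elected, the model gives n(n-1)/2 neighbor pairs but only 2n-3 full adjacencies.
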



Re: 6500 IOS / CatOS [7:60499]

2003-01-07 Thread Peter van Oene
At 02:21 PM 1/7/2003 +, Jay Greenberg wrote:
What would be better suited to a large ISP's Gigabit Backbone?
6500 SUP2/MSFC2/PFC2 with CatOS or IOS?  Is it just about personal
preference or are there stability / usability issues?

I'm not aware of any large ISPs who use 6500's as core routers.


Thanks,

Jay Greenberg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60506t=60499



Re: CCIE Vs. BS or MS degree [7:59481]

2003-01-07 Thread Peter van Oene
BTW, I do consider this a fundamentally silly discussion, but I think
it's somewhat relevant for newbies to know that neither the cert nor
the degree is the ultimate answer.

If you have a BS degree, CCIE will add more benefits than MS for you.
Sure, if you want to plug routers in for a living.



   OK. I'll provide the straight line.
  
   What IS the ultimate answer? You know, to Life? The Universe? And
   Everything?!?  ;-
 
  Forty-Two.  But what was the question again?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60547t=59481



Re: CCIE Vs. BS or MS dergree [7:59481]

2003-01-01 Thread Peter van Oene
I would just like to reiterate that the graduate degree (master's or PhD)
provides you a whole lot more flexibility than the CCIE ever can.  With a
graduate degree, you can branch out far and beyond network engineering.

That this thread subsists continues to amaze me.  The CCIE, challenging 
though it may be, is just a vendor test.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60064t=59481



Re: virtual link and nssa [7:59174]

2002-12-13 Thread Peter van Oene
On Fri, 2002-12-13 at 05:59, Sara Li wrote:
 Dear all, I am doing the cyscoexpert sample lab.
 R1--area12--R2---Area51---R5---Area0
 area 12 can't receive lsa type 5 routes, so it need to be either a nssa or
 stub, however, there is virtual link between r2 and r5, can r2 be configured
 with stub or nssa at the same time with virtual link to r5? i thought i read
 it somewhere stub can't be virtual link? Pls help.

Virtual Links must not use stub areas for transit due to the fact that
the virtual link does not provide for type 5 flooding, and therefore
expects the transit area to provide these LSAs.  An NSSA area is a stub
area.

Pete


 
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59174t=59174



RE: virtual link and nssa [7:59174]

2002-12-13 Thread Peter van Oene
On Fri, 2002-12-13 at 09:25, Casey, Paul (6822) wrote:
 Use a GRE tunnel to create a virtual link through a NSSA, it's the only
 way.

With a tunnel, you will obviate the need for the VL in the first place.

 
 Check cisco web site for this...!!!
 
 
  -Original Message-
  From:   Peter van Oene [SMTP:[EMAIL PROTECTED]]
  Sent:   13 December 2002 14:08
  To: [EMAIL PROTECTED]
  Subject:Re: virtual link and nssa [7:59174]
  
  On Fri, 2002-12-13 at 05:59, Sara Li wrote:
   Dear all, I am doing the cyscoexpert sample lab.
   R1--area12--R2---Area51---R5---Area0
   area 12 can't receive lsa type 5 routes, so it needs to be either a nssa or
   stub, however, there is a virtual link between r2 and r5, can r2 be
   configured with stub or nssa at the same time with virtual link to r5? i
   thought i read it somewhere stub can't be virtual link? Pls help.
  
  Virtual Links must not use stub areas for transit due to the fact that
  the virtual link does not provide for type 5 flooding, and therefore
  expects the transit area to provide these LSAs.  An NSSA area is a stub
  area.
  
  Pete
  
  
   
  

   


 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59176t=59174



Re: OT low cost DS3 router [7:58916]

2002-12-10 Thread Peter van Oene
At 07:47 PM 12/10/2002 +, jeff sicuranza wrote:
Fellas, this request just came in from a buddy of mine, I figured while I
search I was wondering if any of you have seen or used one before.

Take off your Cisco hat for second and think about this:

What device would you use to terminate a DS3 to ethernet that is ultra low
cost. I need to find a low cost, carrier type CPE that will take a DS3 and
hand off ethernet. Low cost, low feature is the guiding word.

Last I checked, most carriers buy Cisco here.



Let me know

Thanks...

/JS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58936t=58916



Re: Can I configure BGP neighbor using HSRP VIP ip address of [7:58938]

2002-12-10 Thread Peter van Oene
At 07:15 PM 12/10/2002 +, Kim Seng wrote:
r1
 |
 |
 -
 |   |
 |   |
 r2  r3

In the above configuration, r2 and r3 are configured
with HSRP.
I need to configure iBGP between r1, r2 and R3. Can I
configure neighbor from r1 to r2 and r3 using the HSRP
virtual ip address? or I need to use r2, r3 real ip
address or using peer-group?

BGP runs on TCP and you won't find stateful TCP failover as part of the 
HSRP spec.  Hence, this won't work, nor do you really want it to.  For 
policy reasons, peer with both upstreams and you'll have more control.






Thanks.

Kim.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58938t=58938



Re: Loopback and OSPF [7:58890]

2002-12-10 Thread Peter van Oene
At 04:00 PM 12/10/2002 +, Christopher Dumais wrote:
Can you use Loopback interfaces to pass OSPF traffic? Here is my example:

The below routers will never form an OSPF adjacency.  Loopback addresses 
are virtual as you likely know, and inherently stub networks (i.e. they 
cannot be used for transit as the medium they represent holds only one device).

Pete



Router A

Interface loopback0
ip address 10.10.10.10 255.255.255.0

Interface Vlan 2
ip address 2.2.2.2 255.255.255.0

Router ospf 1
network 0.0.0.0 255.255.255.255 area 0

Router B

Interface loopback 0
ip address 10.10.10.11 255.255.255.0

Interface Vlan 3
ip address 3.3.3.3 255.255.255.0

Router ospf 1
network 0.0.0.0 255.255.255.255 area 0

Will the loopback interfaces pass along the OSPF traffic so that both routers
will know about vlans 2 and 3? I know that OSPF will use loopbacks as the
router ID, but have not found anything conclusive about OSPF distribution.
Thanks in advance!!

Chris Dumais, CCNP, CNA
Sr. Network Administrator
NSS Customer and Desktop Services Team
Maine Medical Center
(207)871-6940
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58939t=58890



Re: Hello (long response) [7:58824]

2002-12-10 Thread Peter van Oene
I brought these issues to my boss's attention last Wednesday and on Thursday he
ordered me to 'clean' house.  The first thing I did was to send pink slips to all
4 CCIEs in the group and told them that they are fired because they don't know
anything other than RS.  They were making $130k/year and sucking almost all of

So essentially, you started on 11/25 and after 8 days of work you were 
making 500k/year headcount reductions? Is wine coming out of the tap there 
yet or did you wake up?

I don't disagree with your points and have never been one to judge an 
individual's quality on the basis of a vendor exam, but I think there are 
more credible ways to make this point.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58941t=58824



Re: Specific BGP Question [7:58428]

2002-12-03 Thread Peter van Oene
Hi Jim, 

Some thoughts inline.

On Tue, 2002-12-03 at 02:16, Jim Devane wrote:
 Hello all,
  
 Long time lurker, first time poster.
  
 I have a router that is multi-homed between 16631 and 701.
 I have a new client who is buying transit from us.
 They are multi-homed to us and 1239.
 A business decision was made to policy route their traffic out 16631. 

Sounds fair.  Likely cheaper than 701 I expect.

 As a result I will only publish 16631 routes to them. 

Can you elaborate on why you would do this?  Also, do you send 0/0 to
the customer?

 However, if 16631 goes away, I want to be able to push the 701 routes to
 them.

Not sure why you are worried about sending both in the first place?

 Injecting a default wouldn't be very effective here since 1239 will most
 likely have a more specific route!
 So Conditional Adv to the rescue. However..I have a few questions I am
 unsure about and I don't have a lab to try it out on.
  
 In this config:
  
 router bgp 
 nei New_Client remote-as Client_AS
 nei New_Client filter-list 4 in 
 nei New_Client filter-list 3 out
  
 ip as-path access-list 3 permit .*
 ip as-path access-list 4 permit ^Client_AS$
  
 so far so good
 I want to add this...
  
 nei New_Client advertise-map MAP1 non-exist-map MAP2
  
 route-map MAP1 permit 10
 match as-path 5
 route-map MAP2 permit 10
 match as-path 6
  
 ip as-path access-list 5 ^$ _16631_
 ip as-path access-list 6 ^$ _701_
  
  
 SO NOW THE QUESTIONS!!!
  
 1) What is the order of operation for the advertisement out? Will the
 Filter-list showing all routes cancel any effect of the route-map?
 2) Are the MAP1 and MAP2 route maps valid in this config because they use
 as-path? The configs I could find as example were based on Prefix. I made
 up the part about using the as-path, but it seems logical (boy, I wish I had
 a couple extra routers!)
 3) Is there a better way to go about this!
  
 Thanks in advance. And thanks to everybody who posts. I have taken away a
 lot from this mailing-list!
  
 Jim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58443t=58428



Re: Ccie is a rip off! [7:58458]

2002-12-03 Thread Peter van Oene
Sorry, are you flaming the Cisco test, or some book?  

On Tue, 2002-12-03 at 12:11, W'WW(W WW wrote:
 Someone should say this already :
 There is no expertise-checking in any ccie written exam!
 The ccie is a rip-off!
 50% memory questions (like what vip version is eprom-value:01e00 and other
 shit.. 
 I got the official exam certification guide I am a ccip/ccdp/ccnp and I
 never got so misled! this book from july 2002 (very new) and it says
 (page 4) the exam is 100 question + does not include the fddi and many more
 ... it is misleading in many areas
 +
 the question and cd-test is 80% less
 hard than the actual test and it tells
 you that they are harder!
 i paid the price for getting the book for an idea of the test and i got the
 wrong idea! 
 i think that cisco is doing something very wrong with this
 The material are quite broad and you can ask many hard questions on the
 technologies But there are so many of them about how many slots in
 this..?,what version support that..?,what ip precedence number is
 flush.. that gets you thinking cisco is not concerned about checking your
 expertise but something completely different - that gets people like us
 talking about the exams like it is something to brag about!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58473t=58458



Re: OSPF E1 or E2 [7:58454]

2002-12-03 Thread Peter van Oene
Some thoughts below

On Tue, 2002-12-03 at 13:26, p b wrote:
 Comments inline:
 
 Howard C. Berkowitz wrote:
  
  At 5:00 PM + 12/3/02, p b wrote:
  One of the cisco press books indicates one should use
  type 1 externals when the route is being advertised by
  1 ASBR and type 2 externals when there's a single
  ASBR.
  
  This is just plain wrong. The reason you have E1 and E2 is to have
  different routing policies.
  
  E1 enforces a closest-exit policy which gives a degree of load sharing.
  
  E2 enforces a best-exit policy.  For example, you might have one fast
  link to an ISP and one dial backup link, or a primary and a backup
  provider.  In both cases, you want an E2 because you always want to
  go to a specific exit UNLESS there is a failure.
 
 See ACRC (Chappel), page 217.  Under E1 explanation ...Use
 this packet type when you have multiple ASBRs advertising a
 route to the same AS
 
 Under E2 explanation ... use this packet type if only one router
 is advertising a route to the AS...

I'd go with Howard on this one ;-)  E1 metrics simply let routers find
the closest exit from the AS (so long as the external side of the
metrics are relatively consistent)  


 
  
  
  Are there any issues if one uses type 1 external even
  when the route is being advertised by a single ASBR?  It
  would seem useful, given the cost to the external is
  compatible with the costing used in the OSPF network, to
  use type 1 externals even if the route originates from a
  single ASBR.  The benefit being able to get a meaningful
  cost value to the external.
  
  Why? If there's only one connection to the outside, does the internal
  cost really matter if you have to go there?
 
 Is there no benefit to knowing the cumulative cost?  Is
 there a benefit to knowing an E2 cost which has no cost
 meaning within the OSPF AS?  As mentioned, there is only
 a single ASBR advertising this route, but there may be many
 paths to this ASBR.  So if there's no overhead with using a
 type 1 here, why not use it and get the cost information?

The path to the ASBR, or forwarding address if it isn't 0.0.0.0, comes
out of the routing table.  Hence, the router already knows the best path
to ASBR.  Having it represented in OSPF simply changes the outcome of
the route selection process when there are multiple entries for the same
destination.

In many cases, as Howard points out, you want all routers in the same AS
to prefer ASBR1 over ASBR2 for the same destination.  This is what
routing policies are all about.  In these cases, you simply set E2
metrics accordingly and accomplish your goal.   Again, it's a matter of
trying to figure out what you are trying to accomplish (what problem are
you trying to solve) and picking the right tools to solve it.  E1 and E2
are simply additional tools that can enable different routing
strategies.

 
 
  
  
  Is there any unexpected issues which might arise when
  doing this?   Flooding of LSAs or SPF aren't impacted
  if a route is an E1 or E2, right?
  
  Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58475t=58454
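
Added example (not part of the original thread): a Python sketch of the E1 versus E2 comparison discussed in this message, following the preference rules of RFC 2328 section 16.4. Router names, internal costs and metrics are constructed, and each router's cost to an ASBR is taken as already known from its routing table.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ExternalLsa:
    asbr: str          # advertising ASBR (forwarding address assumed 0.0.0.0)
    metric: int        # external metric carried in the type 5 LSA
    metric_type: int   # 1 = E1, 2 = E2


def select_exit(dist_to_asbr, lsas):
    """Choose the ASBR one router uses for one external prefix.

    dist_to_asbr maps ASBR name -> internal cost from this router's routing
    table; an ASBR missing from the map is unreachable and its LSA is ignored.
    """
    best_key, best_asbr = None, None
    for lsa in lsas:
        internal = dist_to_asbr.get(lsa.asbr)
        if internal is None:
            continue
        if lsa.metric_type == 1:
            # E1: internal and external cost are comparable, so add them.
            key = (1, internal + lsa.metric, 0, lsa.asbr)
        else:
            # E2: the external metric decides; internal cost only breaks ties.
            key = (2, lsa.metric, internal, lsa.asbr)
        # Tuple order encodes "any E1 beats any E2". The ASBR name is a
        # deterministic stand-in for what would be equal-cost multipath.
        if best_key is None or key < best_key:
            best_key, best_asbr = key, lsa.asbr
    return best_asbr


def exits(tables, lsas):
    """Exit ASBR chosen by every router for the same external prefix."""
    return {router: select_exit(dist, lsas) for router, dist in tables.items()}


def without(tables, dead_asbr):
    """Routing tables after dead_asbr fails and drops out of the SPF tree."""
    return {r: {a: c for a, c in dist.items() if a != dead_asbr}
            for r, dist in tables.items()}


# Constructed sample: four routers in a row between two ASBRs.
TABLES = {
    "R1": {"ASBR1": 10, "ASBR2": 40},
    "R2": {"ASBR1": 20, "ASBR2": 30},
    "R3": {"ASBR1": 30, "ASBR2": 20},
    "R4": {"ASBR1": 40, "ASBR2": 10},
}
# Consistent E1 metrics: every router leaves by its closest exit.
E1_EQUAL = [ExternalLsa("ASBR1", 100, 1), ExternalLsa("ASBR2", 100, 1)]
# Inconsistent E1 metrics: the external side outweighs internal distance.
E1_SKEWED = [ExternalLsa("ASBR1", 100, 1), ExternalLsa("ASBR2", 150, 1)]
# E2 policy: primary exit at ASBR1, backup at ASBR2, for every router.
E2_POLICY = [ExternalLsa("ASBR1", 100, 2), ExternalLsa("ASBR2", 200, 2)]
# Equal E2 metrics: internal distance breaks the tie.
E2_EQUAL = [ExternalLsa("ASBR1", 100, 2), ExternalLsa("ASBR2", 100, 2)]
# Mixed types: the E1 route wins even though its total cost is far larger.
MIXED = [ExternalLsa("ASBR1", 1, 2), ExternalLsa("ASBR2", 500, 1)]

if __name__ == "__main__":
    for name, lsas in [("E1 equal", E1_EQUAL), ("E1 skewed", E1_SKEWED),
                       ("E2 policy", E2_POLICY), ("E2 equal", E2_EQUAL),
                       ("mixed", MIXED)]:
        print(f"{name:10}", exits(TABLES, lsas))
    print("E2 policy, ASBR1 down:", exits(without(TABLES, "ASBR1"), E2_POLICY))
```
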



RE: RE: CCIE written [7:58400]

2002-12-03 Thread Peter van Oene
I've noticed however that the lab itself isn't booked heavily (I could
be wrong)  If the pool isn't full, turn on the hose and fill it up. 
Training down your qualification requirements accomplishes that as far
as I see it.



On Tue, 2002-12-03 at 16:19, Bernard wrote:
 Priscilla,
 
 more doable  less scary refers to the same exam (new format) at
 different passing scores.
 I did not mean to compare the new format and the old format.
 
 The new CCIE written exam with 58% as the passing score is more doable
  less scary than the same new CCIE written exam with 70% as the
 passing score.
 
 Rgds,
 
 Bernard
 
 
 
   This exam is much more doable now. It is not as scary as it
   used to be
   at 70%.
  
  Isn't your logic backwards if you say that the exam is more doable and
  less scary now?
  
  To maintain the same ratio of passing people versus non-passing people,
  they reduced the passing score because the exam is harder to pass than it
  used to be.
  
  At least that is what I would assume, or am I confused?
  
  Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58488t=58400



Re: OSPF ABR question [7:57990]

2002-12-02 Thread Peter van Oene
On Sun, 2002-12-01 at 12:18, p b wrote:
 Peter van Oene wrote:
  
  Non intra-area ASBRs are found via type 4 LSAs (ASBR Summary) which
  follow the same rules as type 3 summaries and thus prevent non zero
  areas from providing transit toward ASBRs (that is where the non zero
  area contains neither the source nor ASBR)
 
 You're right.  I went back and looked at my lab config.  I 
 had had a link configured as non-0 when I thought it was in
 area 0.  Thus the incorrect conclusion regarding externals and
 non-0 areas for transit.
 
 It's interesting that OSPF will, apparently, always prefer
 an OSPF intra-area path over an inter-area path to a destination,
 even when the inter-area path is less cost.  This has implications
 for certain area 0 topologies (ie a ring built from p2p links)
 and thus can result in sub-optimal paths for certain source
 routers and destinations.

A general concept in routing is to always prefer information from the
most accurate source.  In Link State routing, a given router always has
the most accurate information about the area itself, and thus will
always prefer information derived from there.  This mechanism also
prevents loops.

 
 This would happen when a router, R, in area 0 is trying to reach
 a destination, D in a non-0 area, and there are two ABRs.  ABR_1
 and ABR_2 will install intra-area routes to the destination D.
 ABR_1 and ABR_2 will advertise into area 0 their costs to D
 via type 3 LSAs.  Router R will compute its cost to D through
 ABR_1 and ABR_2.  It might determine that ABR_2 is the preferred
 ABR through which R should route traffic to D.  However, if the
 path between R and ABR_2 causes the traffic to go through ABR_1,
 traffic from R to D will enter the non-0 area at ABR_1 (since 
 OSPF prefers intra-area paths over inter-area path, even if more
 expensive; ABR_1 thus installs the intra-area routes).  Thus,
 traffic from R-D takes a sub-optimal path.  Note this behavior
 has nothing to do with summarization.

Issues like these often occur in OSPF.  Pat Murphy, in his NSSA drafts,
refers to this phenomenon as hijacking.  It is good to keep in mind
that this only produces sub-optimalities, not routing instabilities. 
However, all routing implementations can be prone to sub-optimal routing
if you do not optimally design the topology.  BGP confederations often
suffer from this as the length of the AS-Confed-Sequence is not used in
the BGP path selection algorithm.   



 Given the topology of area 0, little might be possible in avoiding
 the sub-optimal routing

For ring topologies, I often mux the link between ABR_1 and ABR_2 
to provide two logical links.  If these are in a POP together, they
likely run GigE or something similar in which case one can simply use
802.1q over the link and present an Area 0 link along with a non
backbone link.  This helps in the enterprise case where summarization is
occurring, and also helps provide more optimal routing.  The only cost is
in IP addressing and a little more complexity.  Should POS be in use,
frame works well here in the same fashion.


.  However, R would know, when it computes
 its tree to D, that traffic will flow through ABR_1 to get to
 ABR_2.   Looking at the cost to D from router R (via show ip route)
 it shows the cost as if the path enters the non-0 area at ABR_2.
 However, this isn't the path traffic will follow.  

 Now, R has the information to make the determination that traffic
 will flow into the non-0 area at ABR_1.  Why would R not show the
 cost to D via ABR_1 as this is the path that traffic takes?  

Actually R doesn't have this information.  The SPF algorithm is used
within the area to find the minimal cost path to each node in the area. 
For an inter area destination, the already known cost to an ABR is
summed with the cost provided in the LSA to create an Inter Area Cost
(IAC) to the given destination, the least of which  (assuming there are
more than one for a given destination) is chosen and used for next-hop
selection.  At no point does the router calculate an SPF to the
inter-area destination specifically.  It also doesn't look deeply at the
composite nodes along a given path to determine whether or not they
happen to be ABRs themselves, and certainly not ABRs which happen to
provide transit to a particular area for which they might also be
deriving IACs to in another process.  Furthermore, they don't actually
even know which areas a given ABR provides transit to as this
information isn't relevant nor contained in a type3/4 LSA.

As hopefully I've pointed out, there really isn't a way in OSPF to iron
out all the potential for sub-optimality that a given topology might
present.  It is incumbent upon the designer to understand and architect
around, or live with these issues.


 Thanks
 
 
 
   
   R2-ABR_1-R5-ABR_2-R3
   
   
   
   

  The
 result with an ABR using non-zero summary information in
  its
 routing table is that some intra area0 traffic might

Re: OSPF ABR question [7:57990]

2002-11-30 Thread Peter van Oene
On Sat, 2002-11-30 at 12:52, p b wrote:
 Thanks for the comments.  Some thoughts below.
 
 Peter van Oene wrote:
  
   Went back and read through some of the relevant parts of
   the RFC.  I believe there is no routing loop issue if an ABR
   was to consider summary LSAs received from non-zero areas.  
   (where consider means install routes from these type 3s. 
   consider, above, does not mean propagate the summary info
   into area 0).  I believe this would maintain the DV properties
   of the OSPF two-level hierarchy because the ABR would not
   re-originate the information that was already re-originated
   at another ABR.
  
  A subtle point here.  Type 3 summaries, when sent inter area, are not
  flooded, but regenerated.  The ABR generates them by looking at routes
  in the routing table. Hence, if the ABR put routes in the table from non
  backbone type 3's, those routes would be prone to readvertisement into
  the backbone.
 
 Is the ABR behavior you describe (ABR looks in routing table
 to determine what to regenerate in the summary LSA) part of the
 spec or is this how a specific implementation works?   

See 12.4.3 of 2328.

 
 
   In fact, if the ABR did install routes based on the non-0 summary
   LSA information, better paths to destinations might be possible.
   However, since the ABR doesn't advertise these better paths
   (remember, no taking non-0 summary info and sending into area0)
   these better paths are not visible to the backbone area.
  
  Can you give an example of this?  If all ABRs send accurate summaries to
  the backbone, from the backbone's perspective, routing should be
  optimal.  The only time it becomes less is when the ABR coalesces
  information
 
 Here's an example topology.  It's very simple and somewhat
 contrived, but illustrates the point.  Note, link costs are
 shown on each link.
 
 
 R2--1--ABR_1---100---ABR_2--1R3  (area 0)
        | |            | |  (area 1)
        | |--1--R5--1--| |
        |                |
        R1               R4
 
 
 R2, ABR_1, ABR_2 and R3 are in area 0
 
 R1, ABR_1, ABR_2, R4 and R5 are in area 1
 
 Now consider R2 sending packets to R3.   R2 would
 compute the SPF across area 0.  R2 would expect the
 path to be R2-ABR_1-ABR_2-R3.
 
 However, assume ABR_1 considers the Summary LSAs it
 receives from ABR_2 and installs these into its
 routing table.   ABR_1's cost to R3 would be less
 via area 1 than the 100 cost through area 0.  Presumably,
 ABR_1 would instead install the path to R3 to go through
 area 1.
 
 So, traffic from R2, being sent to R3, would go:
 
 R2-ABR_1-R5-ABR_2-R3.  So, if the ABR was to consider
 non-0 summaries, better paths to a destination might be
 possible.

Sure, but again, in sample topologies where this fit might work. 
However, you could solve the above problem by making area 5 an ABR.  In
your design, you have not optimally built your OSPF network and are
looking to break the protocol to suit a sub-optimal design.  Most of
these issues are better solved with design than kludging up protocols.

 Note, there's very interesting behavior here when externals
 are involved.  Suppose R3 causes an external to be injected
 into OSPF.  This external get flooded through area 0 and area
 1.  ABR_1 will compute the shortest path to this external.  If
 the cost through the non 0 area is better, ABR_1 does install
 the path to the external to go through area 1.  What this means
 is that the spec apparently does allow non-0 areas to be transit
 for externals.  Traffic from area 0's R2 going to an external
 hanging off of area 0's R3's transit area 1 (R5):

Non intra-area ASBRs are found via type 4 LSAs (ASBR Summary) which
follow the same rules as type 3 summaries and thus prevent non zero
areas from providing transit toward ASBRs (that is where the non zero
area contains neither the source nor ASBR)
 
 R2-ABR_1-R5-ABR_2-R3
 
 
 
 
  
   The
   result with an ABR using non-zero summary information in its
   routing table is that some intra area0 traffic might unexpectedly
   transit a non-zero area.  Unexpectedly here means that the
   area0 SPF would compute a path to the destination, and from
   the SPF perspective, traffic would remain on area0.  But when
   the traffic hit the ABR, it might forward the packets over 
   the non-0 area as that's a better path towards the destination.
  
  Ok, I'm losing you a bit here.  Maybe an example would help.  Forwarding
  decisions in OSPF are either source to destination, source to ABR, ABR
  to ABR, or ABR to destination.  In all of these cases, the source and
  final or intermediary source shared an identical LSDB from which they
  will calculate similar SPF trees.  Hence, there shouldn't be a case in a
  stable network where two nodes in the same area find a different best
  path through the area.  In the Area 0 case, assuming the traffic is
  destined to a non-0 area, the ABRs simply forward that traffic
Re: OSPF ABR question [7:57990]

2002-11-27 Thread Peter van Oene
 an issue if the ABR behaved as described
 above.

Again, not in your simple topology as far as I can tell.  

 Thanks for the thoughts so far.  Be interested in more feedback
 on the above analysis.
 
 
 
 Peter van Oene wrote:
  
  On Sun, 2002-11-24 at 21:56, p b wrote:
   Consider this a question around the theory behind why OSPF
   did things a certain way.   Somewhere along the way, Moy
   et. al. decided that there was an issue with an ABR processing
   a summary LSA.  Based on that, they decided to make a design
   decision in OSPF to not allow this behavior.
  
  Intra area routing uses a distance vector methodology.  Such mechanisms
  are prone to counting to infinity issues stemming from information
  feedback.  Having a strict hierarchy prevents this.
   
   Apparently the restriction on ABR's processing of summary
   LSA information is being relaxed.   This relaxation is
   described in the ID.  You are right, the ID is slightly
   different than the context of my question.  In the ID, the
   ABR is not connected to area 0, whereas in my case, it is
   connected to area 0.   But the concepts are similar-- there
   are times when an ABR should consider and use summary LSA
   information.
  
  The concepts are not that similar in my opinion.  The non backbone
  connected ABR will not be capable of feeding back routing information
  into the backbone so long as regular ABRs ignore his summaries.  There
  are valid designs that support this requirement.  However, I do not see
  any valid reason to intentionally fragment one's OSPF backbone.
  
  What problem does your topology solve?
  
   I'm not sure I understand your comment about adjacencies.
   ABR_1 does receive the summary LSAs from ABR_2 and stores
   these routes from these summaries in its LSDB for area 1.
   So this isn't an adjacency issue.
   
   So, still looking for an answer to the question.  Why is it
   that an ABR can not use the information it receives in
   a summary LSA as part of the route selection process?
   There must be a reason why the spec indicates this is not
   allowed, and thus I'm looking for this reason.
  
  Doing so would create the potential for routing loops, particularly when
  two ABRs sit within the same area.  In equal cost situations, there are
  no additional bits to designate whether a summary has passed through
  the backbone or not (like the ISIS up/down bit for example).  The ID you
  refer to introduces this type of functionality for the non backbone
  connected ABR.
  
   Regarding the M$ comment.  It really surprises me how
   often folks will cookie-cutter a design based on what
   was presented in the last book they skimmed and not try
   to understand a topic beyond what's needed to pass an exam.
   Just looking for some outside of the box thinking...
   
   
   The Long and Winding Road wrote:

p b wrote in message news:[EMAIL PROTECTED]...
 Thanks.  But this doesn't really answer my question.  I realize
 that area 0 is partitioned.  I'm not looking for an answer to
 is there a rule that prevents this, but instead, what breaks
 if ABR_1 were to consider routes learned via a non-area-0 summary
 LSA in its computation of its routing table?

CL: sorry to be inflexible on this, but in my mind what you are asking is
why doesn't OSPF behave in a way that it is not supposed to behave?

 Note, I'm also not asking why ABR_1 should not flood ABR_2's
 summary LSAs into ABR_1's area 0.

 So back to the scenario:  all routers in area 1, including
 ABR_1, receive summary LSAs from ABR_2 which contain the routes
 from ABR_2's area 0.

CL: no - because no adjacency can be formed between area 1 and area 2
routers. all adjacencies have to be formed between an area's ABR, which is
connected to area zero. this changes if you either 1) unpartition area 0,
with a tunnel or a virtual link or 2) set up a virtual link across either
area 1 or area 2, ( which is probably the same as # 1 )

CL: you have an adjacency between area 1 and the area 0 it connects to, and
area 2 and the area 0 it connects to. you do not get an adjacency between
the area 1 and the area 2 routers.


 All non-ABR routers in area 1 will process the information
 injected by ABR_2's summary LSAs.  These routers will install
 these routes into their routing table.  These non-ABR routers
 will not realize there is an area 0 partition and will have
 reachability into both.  (I've not tested this, but believe
 this to be true.)

 Since ABR_1 is an ABR with a backbone connection, it's not
 allowed to:

 - forward information from ABR_2's summary LSAs into its area 0.
 - consider any routes found in ABR_2's summary LSAs as candidates
   for insertion 

Re: Spanning tree loop [7:58099]

2002-11-26 Thread Peter van Oene
At 10:41 PM 11/26/2002 +, Larry Letterman wrote:
switch A and B wont talk to each other or cause a loop
because you have switch B isolated. STP in your case is
set for 3 instances :  STP for Vlan 1, Vlan 7 and Vlan 8.
A loop would be present if switch B were set for Vlan 7
on both links and STP did not block one of the ports.

I'm curious here.  Given Switch A and B don't emit tagged frames, traffic 
should flow freely despite A and B's disagreement on VLAN ID.  I am not 
very familiar with Per VLAN STP encoding however.  Are the BPDU's modified 
to carry a VLAN identifier?  This would seem superfluous to me and I'd 
wonder where it would be needed.  My take on 802.1q PVST+ is that only the 
common STP BPDUs are sent untagged and all other BPDUs are sent tagged with 
their appropriate VLAN making them easy to disambiguate.



pauldongso wrote:

 Hi All,
 
 Please advise how STP participates in the following scenario and why STP
 fails to stop the loop?
   
   |switch  A  |
   -
|(vlan 7)| (vlan 8)
||
||
|(vlan 1)|(vlan 1)
   ---
   | switch B |
   
 || |
  vlan 1 hosts
 
 
 In short, switch A has two ports configured with vlan 7, vlan 8
 respectively. Switch B all ports are at default vlan 1.
 links between swA and swB are access mode.
 
 This scenario creates bridging loop. But just can't figure out why STP
 fails to stop loop.
 
 Thanks in advance.
 
 Paul




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58158t=58099



Re: Spanning tree loop [7:58099]

2002-11-26 Thread Peter van Oene
On Tue, 2002-11-26 at 23:16, Larry Letterman wrote:
 Hi Peter,
 
 In a simpler analogy.
 vlan 7 would be a separate switch with a connection to the vlan 1 switch...
 vlan 8 would be a separate switch with a connection to the vlan 1 switch..
 
 no loop exists between any part of the 3 networks. vlan 7 and 8 are isolated
 from each other.  So stp sees no loops between vlan 1 and either of the other
 vlans. if the switches are capable, do a show spantree summ, and see what it
 replies with

Thanks.  I'm pretty cool with the concept of vlans.

My brain immediately went to the more interesting question of non native
VLAN PVST in this case as should have been more evident from my
questions.  Assuming switch A was entirely VLAN 7 and switch B entirely
8 for example.  This would be more interesting.  Untagged traffic would
flow freely, yet STP likely wouldn't catch loops were it encoded with
VLAN IDs. 

 
 Peter van Oene wrote:
 
 At 10:41 PM 11/26/2002 +, Larry Letterman wrote:
 
 switch A and B won't talk to each other or cause a loop
 because you have switch B isolated. STP in your case is
 set for 3 instances :  STP for Vlan 1, Vlan 7 and Vlan 8.
 A loop would be present if switch B were set for Vlan 7
 on both links and STP did not block one of the ports.
 
 
 I'm curious here.  Given Switch A and B don't emit tagged frames, traffic 
 should flow freely despite A and B's disagreement on VLAN ID.  I am not 
 very familiar with Per VLAN STP encoding however.  Are the BPDUs modified
 to carry a VLAN identifier?  This would seem superfluous to me and I'd 
 wonder where it would be needed.  My take on 802.1q PVST+ is that only the
 common STP BPDUs are sent untagged and all other BPDUs are sent tagged with
 their appropriate VLAN making them easy to disambiguate.
 
 
 
 pauldongso wrote:
 
 Hi All,
 
 Please advise how STP participates in the following scenario and why STP
 fails to stop the loop?
  
  |switch  A  |
  -
   |(vlan 7)| (vlan 8)
   ||
   ||
   |(vlan 1)|(vlan 1)
  ---
  | switch B |
  
|| |
 vlan 1 hosts
 
 
 In short, switch A has two ports configured with vlan 7, vlan 8
 respectively. Switch B all ports are at default vlan 1.
 links between swA and swB are access mode.
 
 This scenario creates bridging loop. But just can't figure out why STP
 fails to stop loop.
 
 Thanks in advance.
 
 Paul




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58170t=58099
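
Added example, not part of the thread: a flood simulation of the two topologies discussed above (the posted diagram, and the variant where switch A is entirely VLAN 7 and switch B entirely VLAN 8), with STP left out of the model, to show which one contains a forwarding loop. Port numbers, the function name and the rule that only the ports in the diagram exist are assumptions.

```python
from collections import deque

# Constructed model: (switch, port) -> access VLAN. Port numbers are assumptions.
LINKS = [(("A", 1), ("B", 1)), (("A", 2), ("B", 2))]  # two untagged access links
# Topology as posted: A uses VLAN 7 and VLAN 8, B is all VLAN 1 (port 3 = host).
POSTED = {("A", 1): 7, ("A", 2): 8, ("B", 1): 1, ("B", 2): 1, ("B", 3): 1}
# Variant from the reply: A entirely VLAN 7, B entirely VLAN 8.
VARIANT = {("A", 1): 7, ("A", 2): 7, ("B", 1): 8, ("B", 2): 8, ("B", 3): 8}


def has_forwarding_loop(port_vlan, links, ingress):
    """Flood one untagged broadcast that enters at `ingress` (switch, port).

    Each switch classifies the frame into the access VLAN of the port it
    arrived on and floods it, untagged, out of every other local port in
    that VLAN. No STP is modelled. Returns True when a copy of the frame
    reaches a port it has already entered, i.e. the bridges form a loop.
    """
    peer = {}
    for a, b in links:
        peer[a], peer[b] = b, a

    seen = {ingress}
    queue = deque([ingress])
    while queue:
        sw, port = queue.popleft()
        vlan = port_vlan[(sw, port)]  # VLAN is decided by the ingress port only
        for (out_sw, out_port), out_vlan in port_vlan.items():
            if out_sw != sw or out_port == port or out_vlan != vlan:
                continue              # other switch, same port, or other VLAN
            nxt = peer.get((out_sw, out_port))
            if nxt is None:
                continue              # edge port: frame leaves towards a host
            if nxt in seen:
                return True           # frame re-enters a port: forwarding loop
            seen.add(nxt)
            queue.append(nxt)
    return False


if __name__ == "__main__":
    print("posted topology loops: ", has_forwarding_loop(POSTED, LINKS, ("B", 3)))
    print("variant topology loops:", has_forwarding_loop(VARIANT, LINKS, ("B", 3)))
```

The VLAN ID never appears on the wire in either case, so the result depends only on which local ports share a VLAN on each switch.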


